Split operations into individual wiki pages with verified examples

Replace the monolithic operations.md with one page per operation:
merge, intersect, exclude, diff, reduce, compare, count-unique.

Every example in every page was run against the built iprange binary
and the output copied verbatim into the documentation.

Author: ktsaou

README.md

@@ -378,12 +378,11 @@ To skip the man page: `./configure --disable-man`
 
 Detailed guides in the [`wiki/`](wiki/) directory (also published to the [GitHub wiki](https://github.com/firehol/iprange/wiki)):
 
-- [Input formats](wiki/input-formats.md) — every accepted format, file lists, directories, binary
-- [Output formats](wiki/output-formats.md) — CIDR, ranges, single IPs, binary, CSV, prefix/suffix
-- [Operations](wiki/operations.md) — merge, intersect, exclude, diff, reduce, compare, count
-- [IPv6 support](wiki/ipv6.md) — address family, normalization, cross-family rules
-- [DNS resolution](wiki/dns-resolution.md) — threading, retry, configuration
-- [Optimizing ipsets for iptables](wiki/ipset-reduce.md) — prefix reduction with examples
+**Operations** — one page per operation with verified examples:
+[Merge](wiki/merge.md) | [Intersection](wiki/intersect.md) | [Exclude](wiki/exclude.md) | [Diff](wiki/diff.md) | [Reduce](wiki/reduce.md) | [Compare](wiki/compare.md) | [Count](wiki/count-unique.md)
+
+**Reference:**
+[Input formats](wiki/input-formats.md) | [Output formats](wiki/output-formats.md) | [IPv6](wiki/ipv6.md) | [DNS resolution](wiki/dns-resolution.md) | [Ipset optimization](wiki/ipset-reduce.md)
 
 ## Getting help
 

wiki/Home.md

@@ -6,12 +6,23 @@ For 1 million input lines, a merge completes in under a second.
 
 ## Documentation
 
+### Operations
+
+- [Merge / Union](merge.md) — merge all inputs into one optimized set (default mode)
+- [Intersection](intersect.md) — find IPs common to all inputs
+- [Complement / Exclude](exclude.md) — remove one set from another
+- [Symmetric Difference](diff.md) — find IPs in either set but not both
+- [Reduce Prefixes](reduce.md) — reduce CIDR prefix diversity for firewall performance
+- [Compare](compare.md) — compare sets pairwise as CSV (all, first, next)
+- [Count Unique](count-unique.md) — count entries and unique IPs as CSV
+
+### Reference
+
 - [Input formats](input-formats.md) — every accepted format, file lists, directories, binary input
 - [Output formats](output-formats.md) — CIDR, ranges, single IPs, binary, CSV, prefix/suffix strings
-- [Operations](operations.md) — merge, intersect, exclude, diff, reduce, compare, count
 - [IPv6 support](ipv6.md) — address family selection, normalization, cross-family rules
 - [DNS resolution](dns-resolution.md) — parallel threading, retry, configuration
-- [Optimizing ipsets for iptables](ipset-reduce.md) — prefix reduction tutorial with examples
+- [Optimizing ipsets for iptables](ipset-reduce.md) — extended tutorial with real-world examples
 
 ## Quick reference
 

wiki/compare.md

@@ -0,0 +1,67 @@
+# Compare
+
+Compare IP sets pairwise and print CSV with overlap statistics.
+
+Three comparison modes are available:
+
+## Compare all (`--compare`)
+
+Compare every file with every other file.
+
+```
+# list-a.txt          # list-b.txt          # list-c.txt
+10.0.0.0/24           10.0.0.128/25         10.0.0.0/16
+10.0.1.0/24           10.0.2.0/24           172.16.0.0/12
+192.168.1.0/24        192.168.1.0/24
+```
+
+```
+$ iprange --compare --header list-a.txt list-b.txt list-c.txt
+name1,name2,entries1,entries2,ips1,ips2,combined_ips,common_ips
+list-a.txt,list-b.txt,2,3,768,640,1024,384
+list-a.txt,list-c.txt,2,2,768,1114112,1114368,512
+list-b.txt,list-c.txt,3,2,640,1114112,1114368,384
+```
+
+**Columns**: name1, name2, entries in each, unique IPs in each, combined (union) IPs, common (intersection) IPs.
+
+## Compare first (`--compare-first`)
+
+Compare the first file against each subsequent file.
+
+```
+$ iprange --compare-first --header list-a.txt list-b.txt list-c.txt
+name,entries,unique_ips,common_ips
+list-b.txt,3,640,384
+list-c.txt,2,1114112,512
+```
+
+This is useful for checking how much of a reference list overlaps with each of several other lists.
+
+## Compare next (`--compare-next`)
+
+**Positional**: compare files before the option against files after it.
+
+```
+$ iprange list-a.txt --compare-next list-b.txt list-c.txt --header
+name1,name2,entries1,entries2,ips1,ips2,combined_ips,common_ips
+list-a.txt,list-b.txt,2,3,768,640,1024,384
+list-a.txt,list-c.txt,2,2,768,1114112,1114368,512
+```
+
+Only `list-a.txt` (before `--compare-next`) is compared against `list-b.txt` and `list-c.txt` (after it).
+
+## Naming files in CSV output
+
+Use `as NAME` after a filename to set a custom name in the CSV:
+
+```
+$ iprange --count-unique-all --header list-a.txt as "Blocklist A" list-b.txt as "Blocklist B"
+name,entries,unique_ips
+Blocklist A,2,768
+Blocklist B,3,640
+```
+
+## CSV header
+
+All CSV modes default to no header. Add `--header` to include column names as the first row.

wiki/count-unique.md

@@ -0,0 +1,61 @@
+# Count Unique
+
+Print entry counts and unique IP counts as CSV.
+
+Two counting modes are available:
+
+## Count merged (`--count-unique` / `-C`)
+
+Merge all inputs and print a single CSV line with the totals:
+
+```
+# list-a.txt          # list-b.txt
+10.0.0.0/24           10.0.0.128/25
+10.0.1.0/24           10.0.2.0/24
+192.168.1.0/24        192.168.1.0/24
+```
+
+```
+$ iprange -C --header list-a.txt list-b.txt
+entries,unique_ips
+2,1024
+```
+
+The merged set has 2 entries (ranges) covering 1024 unique IPs.
+
+## Count per file (`--count-unique-all`)
+
+Print one CSV line per input file without merging:
+
+```
+$ iprange --count-unique-all --header list-a.txt list-b.txt list-c.txt
+name,entries,unique_ips
+list-a.txt,2,768
+list-b.txt,3,640
+list-c.txt,2,1114112
+```
+
+## Naming files in CSV output
+
+Use `as NAME` to customize the name column:
+
+```
+$ iprange --count-unique-all --header list-a.txt as "Blocklist A" list-b.txt as "Blocklist B"
+name,entries,unique_ips
+Blocklist A,2,768
+Blocklist B,3,640
+```
+
+## IPv6
+
+```
+$ printf '2001:db8::/32\n' | iprange -6 -C --header
+entries,unique_ips
+1,79228162514264337593543950336
+```
+
+IPv6 unique IP counts are printed as full 128-bit decimal numbers.
+
+## CSV header
+
+Add `--header` to include column names. Without it, only data lines are printed.

wiki/diff.md

@@ -0,0 +1,58 @@
+# Symmetric Difference
+
+Print the IPs that exist in either A or B, but **not both**.
+
+**Aliases**: `--diff`, `--diff-next`
+
+## How it works
+
+This is a **positional** operation:
+1. All files before `--diff` are merged into set **A**
+2. All files after `--diff` are merged into set **B**
+3. The output is (A - B) union (B - A) — the XOR of the two sets
+
+**Exit code**: 0 if the sets are identical (no output), 1 if there are differences. This makes `--diff` useful in scripts to detect changes.
+
+## Examples
+
+Compare two versions of a blocklist:
+
+```
+# before.txt            # after.txt
+10.0.0.0/24             10.0.0.0/24
+10.0.1.0/24             10.0.1.0/25      # shrunk
+10.0.2.0/24             10.0.2.0/24
+                         10.0.3.0/24      # added
+```
+
+```
+$ iprange before.txt --diff after.txt
+10.0.1.128/25
+10.0.3.0/24
+```
+
+The output shows `10.0.1.128/25` (the upper half of the /24 that was shrunk to a /25) and `10.0.3.0/24` (newly added). The two entries that remained identical are excluded.
+
+**Exit code check**:
+
+```
+$ iprange before.txt --diff after.txt
+10.0.1.128/25
+10.0.3.0/24
+$ echo $?
+1
+```
+
+```
+$ iprange before.txt --diff before.txt
+$ echo $?
+0
+```
+
+**Quiet mode** — suppress output, only check exit code:
+
+```
+$ iprange before.txt --diff after.txt --quiet
+$ echo $?
+1
+```

wiki/exclude.md

@@ -0,0 +1,80 @@
+# Complement / Exclude
+
+Merge all files before `--except`, then remove all IPs matched by the files after it.
+
+**Aliases**: `--except`, `--exclude-next`, `--complement`, `--complement-next`
+
+## How it works
+
+This is a **positional** operation:
+1. All files before `--except` are merged into set **A**
+2. Each file after `--except` is subtracted from A, one by one
+3. The result is the IPs in A that are not in any of the subtracted sets
+
+## Examples
+
+Remove specific entries from a whitelist:
+
+```
+# allow.txt               # deny.txt
+10.0.0.0/8                10.0.0.0/24
+172.16.0.0/12             172.16.0.0/16
+192.168.0.0/16            192.168.1.100
+```
+
+```
+$ iprange allow.txt --except deny.txt
+10.0.1.0/24
+10.0.2.0/23
+10.0.4.0/22
+10.0.8.0/21
+10.0.16.0/20
+10.0.32.0/19
+10.0.64.0/18
+10.0.128.0/17
+10.1.0.0/16
+10.2.0.0/15
+10.4.0.0/14
+10.8.0.0/13
+10.16.0.0/12
+10.32.0.0/11
+10.64.0.0/10
+10.128.0.0/9
+172.17.0.0/16
+172.18.0.0/15
+172.20.0.0/14
+172.24.0.0/13
+192.168.0.0/24
+192.168.1.0/26
+192.168.1.64/27
+192.168.1.96/30
+192.168.1.101
+192.168.1.102/31
+192.168.1.104/29
+192.168.1.112/28
+192.168.1.128/25
+192.168.2.0/23
+192.168.4.0/22
+192.168.8.0/21
+192.168.16.0/20
+192.168.32.0/19
+192.168.64.0/18
+192.168.128.0/17
+```
+
+The `10.0.0.0/24` was carved out of `10.0.0.0/8`, leaving the remaining address space as multiple CIDRs. The single IP `192.168.1.100` was punched out of `192.168.0.0/16`, creating a gap around it.
+
+## IPv6
+
+```
+$ printf '2001:db8::/32\n' > all.txt
+$ printf '2001:db8:1::/48\n' > remove.txt
+$ iprange -6 all.txt --except remove.txt | head -5
+2001:db8::/48
+2001:db8:2::/47
+2001:db8:4::/46
+2001:db8:8::/45
+2001:db8:10::/44
+```
+
+Carving a /48 out of a /32 leaves 16 CIDR blocks covering the remaining address space.

wiki/intersect.md

@@ -0,0 +1,39 @@
+# Intersection
+
+Print only the IPs that appear in **all** input files.
+
+**Aliases**: `--common`, `--intersect`, `--intersect-all`
+
+## How it works
+
+Each input file is optimized, then the intersection is computed pairwise. An IP appears in the output only if it is covered by every input file. If the files have no overlap, the output is empty.
+
+## Examples
+
+Find IPs common to two blocklists:
+
+```
+# list-a.txt          # list-b.txt
+10.0.0.0/24           10.0.0.128/25
+10.0.1.0/24           10.0.2.0/24
+192.168.1.0/24        192.168.1.0/24
+```
+
+```
+$ iprange --common list-a.txt list-b.txt
+10.0.0.128/25
+192.168.1.0/24
+```
+
+Only the upper half of `10.0.0.0/24` (which is `10.0.0.128/25`) overlaps with `list-b.txt`'s `10.0.0.128/25`. `192.168.1.0/24` is in both files. `10.0.1.0/24` and `10.0.2.0/24` have no overlap and are excluded.
+
+## IPv6
+
+```
+$ printf '2001:db8::/32\n' > v6-a.txt
+$ printf '2001:db8:1::/48\n2001:db9::/32\n' > v6-b.txt
+$ iprange -6 --common v6-a.txt v6-b.txt
+2001:db8:1::/48
+```
+
+The `/32` in v6-a.txt contains the `/48` from v6-b.txt. The `2001:db9::/32` in v6-b.txt does not overlap.