001 /*
002 * Copyright (C) 2008 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016
017 package com.google.common.net;
018
019 import com.google.common.annotations.Beta;
020 import com.google.common.annotations.VisibleForTesting;
021 import com.google.common.base.Preconditions;
022 import com.google.common.io.ByteStreams;
023 import com.google.common.primitives.Ints;
024
025 import java.net.Inet4Address;
026 import java.net.Inet6Address;
027 import java.net.InetAddress;
028 import java.net.UnknownHostException;
029 import java.nio.ByteBuffer;
030 import java.util.Arrays;
031
032 import javax.annotation.Nullable;
033
034 /**
035 * Static utility methods pertaining to {@link InetAddress} instances.
036 *
037 * <p><b>Important note:</b> Unlike {@code InetAddress.getByName()}, the
038 * methods of this class never cause DNS services to be accessed. For
039 * this reason, you should prefer these methods as much as possible over
040 * their JDK equivalents whenever you are expecting to handle only
041 * IP address string literals -- there is no blocking DNS penalty for a
042 * malformed string.
043 *
044 * <p>This class hooks into the {@code sun.net.util.IPAddressUtil} class
045 * to make use of the {@code textToNumericFormatV4} and
046 * {@code textToNumericFormatV6} methods directly as a means to avoid
047 * accidentally traversing all nameservices (it can be vitally important
048 * to avoid, say, blocking on DNS at times).
049 *
050 * <p>When dealing with {@link Inet4Address} and {@link Inet6Address}
051 * objects as byte arrays (vis. {@code InetAddress.getAddress()}) they
052 * are 4 and 16 bytes in length, respectively, and represent the address
053 * in network byte order.
054 *
055 * <p>Examples of IP addresses and their byte representations:
056 * <ul>
057 * <li>The IPv4 loopback address, {@code "127.0.0.1"}.<br/>
058 * {@code 7f 00 00 01}
059 *
060 * <li>The IPv6 loopback address, {@code "::1"}.<br/>
061 * {@code 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01}
062 *
063 * <li>From the IPv6 reserved documentation prefix ({@code 2001:db8::/32}),
064 * {@code "2001:db8::1"}.<br/>
065 * {@code 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01}
066 *
067 * <li>An IPv6 "IPv4 compatible" (or "compat") address,
068 * {@code "::192.168.0.1"}.<br/>
069 * {@code 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 00 01}
070 *
071 * <li>An IPv6 "IPv4 mapped" address, {@code "::ffff:192.168.0.1"}.<br/>
072 * {@code 00 00 00 00 00 00 00 00 00 00 ff ff c0 a8 00 01}
073 * </ul>
074 *
075 * <p>A few notes about IPv6 "IPv4 mapped" addresses and their observed
076 * use in Java.
077 * <br><br>
078 * "IPv4 mapped" addresses were originally a representation of IPv4
079 * addresses for use on an IPv6 socket that could receive both IPv4
080 * and IPv6 connections (by disabling the {@code IPV6_V6ONLY} socket
081 * option on an IPv6 socket). Yes, it's confusing. Nevertheless,
082 * these "mapped" addresses were never supposed to be seen on the
083 * wire. That assumption was dropped, some say mistakenly, in later
084 * RFCs with the apparent aim of making IPv4-to-IPv6 transition simpler.
085 *
086 * <p>Technically one <i>can</i> create a 128bit IPv6 address with the wire
087 * format of a "mapped" address, as shown above, and transmit it in an
088 * IPv6 packet header. However, Java's InetAddress creation methods
089 * appear to adhere doggedly to the original intent of the "mapped"
090 * address: all "mapped" addresses return {@link Inet4Address} objects.
091 *
092 * <p>For added safety, it is common for IPv6 network operators to filter
093 * all packets where either the source or destination address appears to
094 * be a "compat" or "mapped" address. Filtering suggestions usually
095 * recommend discarding any packets with source or destination addresses
096 * in the invalid range {@code ::/3}, which includes both of these bizarre
097 * address formats. For more information on "bogons", including lists
098 * of IPv6 bogon space, see:
099 *
100 * <ul>
101 * <li><a target="_parent"
102 * href="http://en.wikipedia.org/wiki/Bogon_filtering"
103 * >http://en.wikipedia.org/wiki/Bogon_filtering</a>
104 * <li><a target="_parent"
105 * href="http://www.cymru.com/Bogons/ipv6.txt"
106 * >http://www.cymru.com/Bogons/ipv6.txt</a>
107 * <li><a target="_parent"
108 * href="http://www.cymru.com/Bogons/v6bogon.html"
109 * >http://www.cymru.com/Bogons/v6bogon.html</a>
110 * <li><a target="_parent"
111 * href="http://www.space.net/~gert/RIPE/ipv6-filters.html"
112 * >http://www.space.net/~gert/RIPE/ipv6-filters.html</a>
113 * </ul>
114 *
115 * @author Erik Kline
116 * @since 5.0
117 */
118 @Beta
119 public final class InetAddresses {
120 private static final int IPV4_PART_COUNT = 4;
121 private static final int IPV6_PART_COUNT = 8;
122 private static final Inet4Address LOOPBACK4 =
123 (Inet4Address) forString("127.0.0.1");
124 private static final Inet4Address ANY4 =
125 (Inet4Address) forString("0.0.0.0");
126
127 private InetAddresses() {}
128
129 /**
130 * Returns an {@link Inet4Address}, given a byte array representation
131 * of the IPv4 address.
132 *
133 * @param bytes byte array representing an IPv4 address (should be
134 * of length 4).
135 * @return {@link Inet4Address} corresponding to the supplied byte
136 * array.
137 * @throws IllegalArgumentException if a valid {@link Inet4Address}
138 * can not be created.
139 */
140 private static Inet4Address getInet4Address(byte[] bytes) {
141 Preconditions.checkArgument(bytes.length == 4,
142 "Byte array has invalid length for an IPv4 address: %s != 4.",
143 bytes.length);
144
145 try {
146 InetAddress ipv4 = InetAddress.getByAddress(bytes);
147 if (!(ipv4 instanceof Inet4Address)) {
148 throw new UnknownHostException(
149 String.format("'%s' is not an IPv4 address.",
150 ipv4.getHostAddress()));
151 }
152
153 return (Inet4Address) ipv4;
154 } catch (UnknownHostException e) {
155
156 /*
157 * This really shouldn't happen in practice since all our byte
158 * sequences should be valid IP addresses.
159 *
160 * However {@link InetAddress#getByAddress} is documented as
161 * potentially throwing this "if IP address is of illegal length".
162 *
163 * This is mapped to IllegalArgumentException since, presumably,
164 * the argument triggered some bizarre processing bug.
165 */
166 throw new IllegalArgumentException(
167 String.format("Host address '%s' is not a valid IPv4 address.",
168 Arrays.toString(bytes)),
169 e);
170 }
171 }
172
173 /**
174 * Returns the {@link InetAddress} having the given string
175 * representation.
176 *
177 * <p>This deliberately avoids all nameservice lookups (e.g. no DNS).
178 *
179 * @param ipString {@code String} containing an IPv4 or IPv6 string literal,
180 * e.g. {@code "192.168.0.1"} or {@code "2001:db8::1"}
181 * @return {@link InetAddress} representing the argument
182 * @throws IllegalArgumentException if the argument is not a valid
183 * IP string literal
184 */
185 public static InetAddress forString(String ipString) {
186 byte[] addr = ipStringToBytes(ipString);
187
188 // The argument was malformed, i.e. not an IP string literal.
189 if (addr == null) {
190 throw new IllegalArgumentException(
191 String.format("'%s' is not an IP string literal.", ipString));
192 }
193
194 try {
195 return InetAddress.getByAddress(addr);
196 } catch (UnknownHostException e) {
197
198 /*
199 * This really shouldn't happen in practice since all our byte
200 * sequences should be valid IP addresses.
201 *
202 * However {@link InetAddress#getByAddress} is documented as
203 * potentially throwing this "if IP address is of illegal length".
204 *
205 * This is mapped to IllegalArgumentException since, presumably,
206 * the argument triggered some processing bug in either
207 * {@link IPAddressUtil#textToNumericFormatV4} or
208 * {@link IPAddressUtil#textToNumericFormatV6}.
209 */
210 throw new IllegalArgumentException(
211 String.format("'%s' is extremely broken.", ipString), e);
212 }
213 }
214
215 /**
216 * Returns {@code true} if the supplied string is a valid IP string
217 * literal, {@code false} otherwise.
218 *
219 * @param ipString {@code String} to evaluated as an IP string literal
220 * @return {@code true} if the argument is a valid IP string literal
221 */
222 public static boolean isInetAddress(String ipString) {
223 return ipStringToBytes(ipString) != null;
224 }
225
226 private static byte[] ipStringToBytes(String ipString) {
227 // Make a first pass to categorize the characters in this string.
228 boolean hasColon = false;
229 boolean hasDot = false;
230 for (int i = 0; i < ipString.length(); i++) {
231 char c = ipString.charAt(i);
232 if (c == '.') {
233 hasDot = true;
234 } else if (c == ':') {
235 if (hasDot) {
236 return null; // Colons must not appear after dots.
237 }
238 hasColon = true;
239 } else if (Character.digit(c, 16) == -1) {
240 return null; // Everything else must be a decimal or hex digit.
241 }
242 }
243
244 // Now decide which address family to parse.
245 if (hasColon) {
246 if (hasDot) {
247 ipString = convertDottedQuadToHex(ipString);
248 if (ipString == null) {
249 return null;
250 }
251 }
252 return textToNumericFormatV6(ipString);
253 } else if (hasDot) {
254 return textToNumericFormatV4(ipString);
255 }
256 return null;
257 }
258
259 private static byte[] textToNumericFormatV4(String ipString) {
260 String[] address = ipString.split("\\.", IPV4_PART_COUNT + 1);
261 if (address.length != IPV4_PART_COUNT) {
262 return null;
263 }
264
265 byte[] bytes = new byte[IPV4_PART_COUNT];
266 try {
267 for (int i = 0; i < bytes.length; i++) {
268 bytes[i] = parseOctet(address[i]);
269 }
270 } catch (NumberFormatException ex) {
271 return null;
272 }
273
274 return bytes;
275 }
276
277 private static byte[] textToNumericFormatV6(String ipString) {
278 // An address can have [2..8] colons, and N colons make N+1 parts.
279 String[] parts = ipString.split(":", IPV6_PART_COUNT + 2);
280 if (parts.length < 3 || parts.length > IPV6_PART_COUNT + 1) {
281 return null;
282 }
283
284 // Disregarding the endpoints, find "::" with nothing in between.
285 // This indicates that a run of zeroes has been skipped.
286 int skipIndex = -1;
287 for (int i = 1; i < parts.length - 1; i++) {
288 if (parts[i].length() == 0) {
289 if (skipIndex >= 0) {
290 return null; // Can't have more than one ::
291 }
292 skipIndex = i;
293 }
294 }
295
296 int partsHi; // Number of parts to copy from above/before the "::"
297 int partsLo; // Number of parts to copy from below/after the "::"
298 if (skipIndex >= 0) {
299 // If we found a "::", then check if it also covers the endpoints.
300 partsHi = skipIndex;
301 partsLo = parts.length - skipIndex - 1;
302 if (parts[0].length() == 0 && --partsHi != 0) {
303 return null; // ^: requires ^::
304 }
305 if (parts[parts.length - 1].length() == 0 && --partsLo != 0) {
306 return null; // :$ requires ::$
307 }
308 } else {
309 // Otherwise, allocate the entire address to partsHi. The endpoints
310 // could still be empty, but parseHextet() will check for that.
311 partsHi = parts.length;
312 partsLo = 0;
313 }
314
315 // If we found a ::, then we must have skipped at least one part.
316 // Otherwise, we must have exactly the right number of parts.
317 int partsSkipped = IPV6_PART_COUNT - (partsHi + partsLo);
318 if (!(skipIndex >= 0 ? partsSkipped >= 1 : partsSkipped == 0)) {
319 return null;
320 }
321
322 // Now parse the hextets into a byte array.
323 ByteBuffer rawBytes = ByteBuffer.allocate(2 * IPV6_PART_COUNT);
324 try {
325 for (int i = 0; i < partsHi; i++) {
326 rawBytes.putShort(parseHextet(parts[i]));
327 }
328 for (int i = 0; i < partsSkipped; i++) {
329 rawBytes.putShort((short) 0);
330 }
331 for (int i = partsLo; i > 0; i--) {
332 rawBytes.putShort(parseHextet(parts[parts.length - i]));
333 }
334 } catch (NumberFormatException ex) {
335 return null;
336 }
337 return rawBytes.array();
338 }
339
340 private static String convertDottedQuadToHex(String ipString) {
341 int lastColon = ipString.lastIndexOf(':');
342 String initialPart = ipString.substring(0, lastColon + 1);
343 String dottedQuad = ipString.substring(lastColon + 1);
344 byte[] quad = textToNumericFormatV4(dottedQuad);
345 if (quad == null) {
346 return null;
347 }
348 String penultimate = Integer.toHexString(((quad[0] & 0xff) << 8) | (quad[1] & 0xff));
349 String ultimate = Integer.toHexString(((quad[2] & 0xff) << 8) | (quad[3] & 0xff));
350 return initialPart + penultimate + ":" + ultimate;
351 }
352
353 private static byte parseOctet(String ipPart) {
354 // Note: we already verified that this string contains only hex digits.
355 int octet = Integer.parseInt(ipPart);
356 // Disallow leading zeroes, because no clear standard exists on
357 // whether these should be interpreted as decimal or octal.
358 if (octet > 255 || (ipPart.startsWith("0") && ipPart.length() > 1)) {
359 throw new NumberFormatException();
360 }
361 return (byte) octet;
362 }
363
364 private static short parseHextet(String ipPart) {
365 // Note: we already verified that this string contains only hex digits.
366 int hextet = Integer.parseInt(ipPart, 16);
367 if (hextet > 0xffff) {
368 throw new NumberFormatException();
369 }
370 return (short) hextet;
371 }
372
373 /**
374 * Returns the string representation of an {@link InetAddress}.
375 *
376 * <p>For IPv4 addresses, this is identical to
377 * {@link InetAddress#getHostAddress()}, but for IPv6 addresses, the output
378 * follows <a href="http://tools.ietf.org/html/rfc5952">RFC 5952</a>
379 * section 4. The main difference is that this method uses "::" for zero
380 * compression, while Java's version uses the uncompressed form.
381 *
382 * <p>This method uses hexadecimal for all IPv6 addresses, including
383 * IPv4-mapped IPv6 addresses such as "::c000:201". The output does not
384 * include a Scope ID.
385 *
386 * @param ip {@link InetAddress} to be converted to an address string
387 * @return {@code String} containing the text-formatted IP address
388 * @since 10.0
389 */
390 public static String toAddrString(InetAddress ip) {
391 Preconditions.checkNotNull(ip);
392 if (ip instanceof Inet4Address) {
393 // For IPv4, Java's formatting is good enough.
394 return ip.getHostAddress();
395 }
396 Preconditions.checkArgument(ip instanceof Inet6Address);
397 byte[] bytes = ip.getAddress();
398 int[] hextets = new int[IPV6_PART_COUNT];
399 for (int i = 0; i < hextets.length; i++) {
400 hextets[i] = Ints.fromBytes(
401 (byte) 0, (byte) 0, bytes[2 * i], bytes[2 * i + 1]);
402 }
403 compressLongestRunOfZeroes(hextets);
404 return hextetsToIPv6String(hextets);
405 }
406
407 /**
408 * Identify and mark the longest run of zeroes in an IPv6 address.
409 *
410 * <p>Only runs of two or more hextets are considered. In case of a tie, the
411 * leftmost run wins. If a qualifying run is found, its hextets are replaced
412 * by the sentinel value -1.
413 *
414 * @param hextets {@code int[]} mutable array of eight 16-bit hextets.
415 */
416 private static void compressLongestRunOfZeroes(int[] hextets) {
417 int bestRunStart = -1;
418 int bestRunLength = -1;
419 int runStart = -1;
420 for (int i = 0; i < hextets.length + 1; i++) {
421 if (i < hextets.length && hextets[i] == 0) {
422 if (runStart < 0) {
423 runStart = i;
424 }
425 } else if (runStart >= 0) {
426 int runLength = i - runStart;
427 if (runLength > bestRunLength) {
428 bestRunStart = runStart;
429 bestRunLength = runLength;
430 }
431 runStart = -1;
432 }
433 }
434 if (bestRunLength >= 2) {
435 Arrays.fill(hextets, bestRunStart, bestRunStart + bestRunLength, -1);
436 }
437 }
438
439 /**
440 * Convert a list of hextets into a human-readable IPv6 address.
441 *
442 * <p>In order for "::" compression to work, the input should contain negative
443 * sentinel values in place of the elided zeroes.
444 *
445 * @param hextets {@code int[]} array of eight 16-bit hextets, or -1s.
446 */
447 private static String hextetsToIPv6String(int[] hextets) {
448 /*
449 * While scanning the array, handle these state transitions:
450 * start->num => "num" start->gap => "::"
451 * num->num => ":num" num->gap => "::"
452 * gap->num => "num" gap->gap => ""
453 */
454 StringBuilder buf = new StringBuilder(39);
455 boolean lastWasNumber = false;
456 for (int i = 0; i < hextets.length; i++) {
457 boolean thisIsNumber = hextets[i] >= 0;
458 if (thisIsNumber) {
459 if (lastWasNumber) {
460 buf.append(':');
461 }
462 buf.append(Integer.toHexString(hextets[i]));
463 } else {
464 if (i == 0 || lastWasNumber) {
465 buf.append("::");
466 }
467 }
468 lastWasNumber = thisIsNumber;
469 }
470 return buf.toString();
471 }
472
473 /**
474 * Returns the string representation of an {@link InetAddress} suitable
475 * for inclusion in a URI.
476 *
477 * <p>For IPv4 addresses, this is identical to
478 * {@link InetAddress#getHostAddress()}, but for IPv6 addresses it
479 * compresses zeroes and surrounds the text with square brackets; for example
480 * {@code "[2001:db8::1]"}.
481 *
482 * <p>Per section 3.2.2 of
483 * <a target="_parent"
484 * href="http://tools.ietf.org/html/rfc3986#section-3.2.2"
485 * >http://tools.ietf.org/html/rfc3986</a>,
486 * a URI containing an IPv6 string literal is of the form
487 * {@code "http://[2001:db8::1]:8888/index.html"}.
488 *
489 * <p>Use of either {@link InetAddresses#toAddrString},
490 * {@link InetAddress#getHostAddress()}, or this method is recommended over
491 * {@link InetAddress#toString()} when an IP address string literal is
492 * desired. This is because {@link InetAddress#toString()} prints the
493 * hostname and the IP address string joined by a "/".
494 *
495 * @param ip {@link InetAddress} to be converted to URI string literal
496 * @return {@code String} containing URI-safe string literal
497 */
498 public static String toUriString(InetAddress ip) {
499 if (ip instanceof Inet6Address) {
500 return "[" + toAddrString(ip) + "]";
501 }
502 return toAddrString(ip);
503 }
504
505 /**
506 * Returns an InetAddress representing the literal IPv4 or IPv6 host
507 * portion of a URL, encoded in the format specified by RFC 3986 section 3.2.2.
508 *
509 * <p>This function is similar to {@link InetAddresses#forString(String)},
510 * however, it requires that IPv6 addresses are surrounded by square brackets.
511 *
512 * <p>This function is the inverse of
513 * {@link InetAddresses#toUriString(java.net.InetAddress)}.
514 *
515 * @param hostAddr A RFC 3986 section 3.2.2 encoded IPv4 or IPv6 address
516 * @return an InetAddress representing the address in {@code hostAddr}
517 * @throws IllegalArgumentException if {@code hostAddr} is not a valid
518 * IPv4 address, or IPv6 address surrounded by square brackets
519 */
520 public static InetAddress forUriString(String hostAddr) {
521 Preconditions.checkNotNull(hostAddr);
522 Preconditions.checkArgument(hostAddr.length() > 0, "host string is empty");
523 InetAddress retval = null;
524
525 // IPv4 address?
526 try {
527 retval = forString(hostAddr);
528 if (retval instanceof Inet4Address) {
529 return retval;
530 }
531 } catch (IllegalArgumentException e) {
532 // Not a valid IP address, fall through.
533 }
534
535 // IPv6 address
536 if (!(hostAddr.startsWith("[") && hostAddr.endsWith("]"))) {
537 throw new IllegalArgumentException("Not a valid address: \"" + hostAddr + '"');
538 }
539
540 retval = forString(hostAddr.substring(1, hostAddr.length() - 1));
541 if (retval instanceof Inet6Address) {
542 return retval;
543 }
544
545 throw new IllegalArgumentException("Not a valid address: \"" + hostAddr + '"');
546 }
547
548 /**
549 * Returns {@code true} if the supplied string is a valid URI IP string
550 * literal, {@code false} otherwise.
551 *
552 * @param ipString {@code String} to evaluated as an IP URI host string literal
553 * @return {@code true} if the argument is a valid IP URI host
554 */
555 public static boolean isUriInetAddress(String ipString) {
556 try {
557 forUriString(ipString);
558 return true;
559 } catch (IllegalArgumentException e) {
560 return false;
561 }
562 }
563
564 /**
565 * Evaluates whether the argument is an IPv6 "compat" address.
566 *
567 * <p>An "IPv4 compatible", or "compat", address is one with 96 leading
568 * bits of zero, with the remaining 32 bits interpreted as an
569 * IPv4 address. These are conventionally represented in string
570 * literals as {@code "::192.168.0.1"}, though {@code "::c0a8:1"} is
571 * also considered an IPv4 compatible address (and equivalent to
572 * {@code "::192.168.0.1"}).
573 *
574 * <p>For more on IPv4 compatible addresses see section 2.5.5.1 of
575 * <a target="_parent"
576 * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.1"
577 * >http://tools.ietf.org/html/rfc4291</a>
578 *
579 * <p>NOTE: This method is different from
580 * {@link Inet6Address#isIPv4CompatibleAddress} in that it more
581 * correctly classifies {@code "::"} and {@code "::1"} as
582 * proper IPv6 addresses (which they are), NOT IPv4 compatible
583 * addresses (which they are generally NOT considered to be).
584 *
585 * @param ip {@link Inet6Address} to be examined for embedded IPv4
586 * compatible address format
587 * @return {@code true} if the argument is a valid "compat" address
588 */
589 public static boolean isCompatIPv4Address(Inet6Address ip) {
590 if (!ip.isIPv4CompatibleAddress()) {
591 return false;
592 }
593
594 byte[] bytes = ip.getAddress();
595 if ((bytes[12] == 0) && (bytes[13] == 0) && (bytes[14] == 0)
596 && ((bytes[15] == 0) || (bytes[15] == 1))) {
597 return false;
598 }
599
600 return true;
601 }
602
603 /**
604 * Returns the IPv4 address embedded in an IPv4 compatible address.
605 *
606 * @param ip {@link Inet6Address} to be examined for an embedded
607 * IPv4 address
608 * @return {@link Inet4Address} of the embedded IPv4 address
609 * @throws IllegalArgumentException if the argument is not a valid
610 * IPv4 compatible address
611 */
612 public static Inet4Address getCompatIPv4Address(Inet6Address ip) {
613 Preconditions.checkArgument(isCompatIPv4Address(ip),
614 "Address '%s' is not IPv4-compatible.", toAddrString(ip));
615
616 return getInet4Address(copyOfRange(ip.getAddress(), 12, 16));
617 }
618
619 /**
620 * Evaluates whether the argument is a 6to4 address.
621 *
622 * <p>6to4 addresses begin with the {@code "2002::/16"} prefix.
623 * The next 32 bits are the IPv4 address of the host to which
624 * IPv6-in-IPv4 tunneled packets should be routed.
625 *
626 * <p>For more on 6to4 addresses see section 2 of
627 * <a target="_parent" href="http://tools.ietf.org/html/rfc3056#section-2"
628 * >http://tools.ietf.org/html/rfc3056</a>
629 *
630 * @param ip {@link Inet6Address} to be examined for 6to4 address
631 * format
632 * @return {@code true} if the argument is a 6to4 address
633 */
634 public static boolean is6to4Address(Inet6Address ip) {
635 byte[] bytes = ip.getAddress();
636 return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x02);
637 }
638
639 /**
640 * Returns the IPv4 address embedded in a 6to4 address.
641 *
642 * @param ip {@link Inet6Address} to be examined for embedded IPv4
643 * in 6to4 address.
644 * @return {@link Inet4Address} of embedded IPv4 in 6to4 address.
645 * @throws IllegalArgumentException if the argument is not a valid
646 * IPv6 6to4 address.
647 */
648 public static Inet4Address get6to4IPv4Address(Inet6Address ip) {
649 Preconditions.checkArgument(is6to4Address(ip),
650 "Address '%s' is not a 6to4 address.", toAddrString(ip));
651
652 return getInet4Address(copyOfRange(ip.getAddress(), 2, 6));
653 }
654
655 /**
656 * A simple data class to encapsulate the information to be found in a
657 * Teredo address.
658 *
659 * <p>All of the fields in this class are encoded in various portions
660 * of the IPv6 address as part of the protocol. More protocols details
661 * can be found at:
662 * <a target="_parent" href="http://en.wikipedia.org/wiki/Teredo_tunneling"
663 * >http://en.wikipedia.org/wiki/Teredo_tunneling</a>.
664 *
665 * <p>The RFC can be found here:
666 * <a target="_parent" href="http://tools.ietf.org/html/rfc4380"
667 * >http://tools.ietf.org/html/rfc4380</a>.
668 *
669 * @since 5.0
670 */
671 @Beta
672 public static final class TeredoInfo {
673 private final Inet4Address server;
674 private final Inet4Address client;
675 private final int port;
676 private final int flags;
677
678 /**
679 * Constructs a TeredoInfo instance.
680 *
681 * <p>Both server and client can be {@code null}, in which case the
682 * value {@code "0.0.0.0"} will be assumed.
683 *
684 * @throws IllegalArgumentException if either of the {@code port}
685 * or the {@code flags} arguments are out of range of an
686 * unsigned short
687 */
688 // TODO: why is this public?
689 public TeredoInfo(@Nullable Inet4Address server,
690 @Nullable Inet4Address client,
691 int port, int flags) {
692 Preconditions.checkArgument((port >= 0) && (port <= 0xffff),
693 "port '%s' is out of range (0 <= port <= 0xffff)", port);
694 Preconditions.checkArgument((flags >= 0) && (flags <= 0xffff),
695 "flags '%s' is out of range (0 <= flags <= 0xffff)", flags);
696
697 if (server != null) {
698 this.server = server;
699 } else {
700 this.server = ANY4;
701 }
702
703 if (client != null) {
704 this.client = client;
705 } else {
706 this.client = ANY4;
707 }
708
709 this.port = port;
710 this.flags = flags;
711 }
712
713 public Inet4Address getServer() {
714 return server;
715 }
716
717 public Inet4Address getClient() {
718 return client;
719 }
720
721 public int getPort() {
722 return port;
723 }
724
725 public int getFlags() {
726 return flags;
727 }
728 }
729
730 /**
731 * Evaluates whether the argument is a Teredo address.
732 *
733 * <p>Teredo addresses begin with the {@code "2001::/32"} prefix.
734 *
735 * @param ip {@link Inet6Address} to be examined for Teredo address
736 * format.
737 * @return {@code true} if the argument is a Teredo address
738 */
739 public static boolean isTeredoAddress(Inet6Address ip) {
740 byte[] bytes = ip.getAddress();
741 return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x01)
742 && (bytes[2] == 0) && (bytes[3] == 0);
743 }
744
745 /**
746 * Returns the Teredo information embedded in a Teredo address.
747 *
748 * @param ip {@link Inet6Address} to be examined for embedded Teredo
749 * information
750 * @return extracted {@code TeredoInfo}
751 * @throws IllegalArgumentException if the argument is not a valid
752 * IPv6 Teredo address
753 */
754 public static TeredoInfo getTeredoInfo(Inet6Address ip) {
755 Preconditions.checkArgument(isTeredoAddress(ip),
756 "Address '%s' is not a Teredo address.", toAddrString(ip));
757
758 byte[] bytes = ip.getAddress();
759 Inet4Address server = getInet4Address(copyOfRange(bytes, 4, 8));
760
761 int flags = ByteStreams.newDataInput(bytes, 8).readShort() & 0xffff;
762
763 // Teredo obfuscates the mapped client port, per section 4 of the RFC.
764 int port = ~ByteStreams.newDataInput(bytes, 10).readShort() & 0xffff;
765
766 byte[] clientBytes = copyOfRange(bytes, 12, 16);
767 for (int i = 0; i < clientBytes.length; i++) {
768 // Teredo obfuscates the mapped client IP, per section 4 of the RFC.
769 clientBytes[i] = (byte) ~clientBytes[i];
770 }
771 Inet4Address client = getInet4Address(clientBytes);
772
773 return new TeredoInfo(server, client, port, flags);
774 }
775
776 /**
777 * Evaluates whether the argument is an ISATAP address.
778 *
779 * <p>From RFC 5214: "ISATAP interface identifiers are constructed in
780 * Modified EUI-64 format [...] by concatenating the 24-bit IANA OUI
781 * (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit IPv4
782 * address in network byte order [...]"
783 *
784 * <p>For more on ISATAP addresses see section 6.1 of
785 * <a target="_parent" href="http://tools.ietf.org/html/rfc5214#section-6.1"
786 * >http://tools.ietf.org/html/rfc5214</a>
787 *
788 * @param ip {@link Inet6Address} to be examined for ISATAP address
789 * format.
790 * @return {@code true} if the argument is an ISATAP address
791 */
792 public static boolean isIsatapAddress(Inet6Address ip) {
793
794 // If it's a Teredo address with the right port (41217, or 0xa101)
795 // which would be encoded as 0x5efe then it can't be an ISATAP address.
796 if (isTeredoAddress(ip)) {
797 return false;
798 }
799
800 byte[] bytes = ip.getAddress();
801
802 if ((bytes[8] | (byte) 0x03) != (byte) 0x03) {
803
804 // Verify that high byte of the 64 bit identifier is zero, modulo
805 // the U/L and G bits, with which we are not concerned.
806 return false;
807 }
808
809 return (bytes[9] == (byte) 0x00) && (bytes[10] == (byte) 0x5e)
810 && (bytes[11] == (byte) 0xfe);
811 }
812
813 /**
814 * Returns the IPv4 address embedded in an ISATAP address.
815 *
816 * @param ip {@link Inet6Address} to be examined for embedded IPv4
817 * in ISATAP address
818 * @return {@link Inet4Address} of embedded IPv4 in an ISATAP address
819 * @throws IllegalArgumentException if the argument is not a valid
820 * IPv6 ISATAP address
821 */
822 public static Inet4Address getIsatapIPv4Address(Inet6Address ip) {
823 Preconditions.checkArgument(isIsatapAddress(ip),
824 "Address '%s' is not an ISATAP address.", toAddrString(ip));
825
826 return getInet4Address(copyOfRange(ip.getAddress(), 12, 16));
827 }
828
829 /**
830 * Examines the Inet6Address to determine if it is an IPv6 address of one
831 * of the specified address types that contain an embedded IPv4 address.
832 *
833 * <p>NOTE: ISATAP addresses are explicitly excluded from this method
834 * due to their trivial spoofability. With other transition addresses
835 * spoofing involves (at least) infection of one's BGP routing table.
836 *
837 * @param ip {@link Inet6Address} to be examined for embedded IPv4
838 * client address.
839 * @return {@code true} if there is an embedded IPv4 client address.
840 * @since 7.0
841 */
842 public static boolean hasEmbeddedIPv4ClientAddress(Inet6Address ip) {
843 return isCompatIPv4Address(ip) || is6to4Address(ip) ||
844 isTeredoAddress(ip);
845 }
846
847 /**
848 * Examines the Inet6Address to extract the embedded IPv4 client address
849 * if the InetAddress is an IPv6 address of one of the specified address
850 * types that contain an embedded IPv4 address.
851 *
852 * <p>NOTE: ISATAP addresses are explicitly excluded from this method
853 * due to their trivial spoofability. With other transition addresses
854 * spoofing involves (at least) infection of one's BGP routing table.
855 *
856 * @param ip {@link Inet6Address} to be examined for embedded IPv4
857 * client address.
858 * @return {@link Inet4Address} of embedded IPv4 client address.
859 * @throws IllegalArgumentException if the argument does not have a valid
860 * embedded IPv4 address.
861 */
862 public static Inet4Address getEmbeddedIPv4ClientAddress(Inet6Address ip) {
863 if (isCompatIPv4Address(ip)) {
864 return getCompatIPv4Address(ip);
865 }
866
867 if (is6to4Address(ip)) {
868 return get6to4IPv4Address(ip);
869 }
870
871 if (isTeredoAddress(ip)) {
872 return getTeredoInfo(ip).getClient();
873 }
874
875 throw new IllegalArgumentException(
876 String.format("'%s' has no embedded IPv4 address.",
877 toAddrString(ip)));
878 }
879
880 /**
881 * Evaluates whether the argument is an "IPv4 mapped" IPv6 address.
882 *
883 * <p>An "IPv4 mapped" address is anything in the range ::ffff:0:0/96
884 * (sometimes written as ::ffff:0.0.0.0/96), with the last 32 bits
885 * interpreted as an IPv4 address.
886 *
887 * <p>For more on IPv4 mapped addresses see section 2.5.5.2 of
888 * <a target="_parent"
889 * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.2"
890 * >http://tools.ietf.org/html/rfc4291</a>
891 *
892 * <p>Note: This method takes a {@code String} argument because
893 * {@link InetAddress} automatically collapses mapped addresses to IPv4.
894 * (It is actually possible to avoid this using one of the obscure
895 * {@link Inet6Address} methods, but it would be unwise to depend on such
896 * a poorly-documented feature.)
897 *
898 * @param ipString {@code String} to be examined for embedded IPv4-mapped
899 * IPv6 address format
900 * @return {@code true} if the argument is a valid "mapped" address
901 * @since 10.0
902 */
903 public static boolean isMappedIPv4Address(String ipString) {
904 byte[] bytes = ipStringToBytes(ipString);
905 if (bytes != null && bytes.length == 16) {
906 for (int i = 0; i < 10; i++) {
907 if (bytes[i] != 0) {
908 return false;
909 }
910 }
911 for (int i = 10; i < 12; i++) {
912 if (bytes[i] != (byte) 0xff) {
913 return false;
914 }
915 }
916 return true;
917 }
918 return false;
919 }
920
921 /**
922 * Coerces an IPv6 address into an IPv4 address.
923 *
924 * <p>HACK: As long as applications continue to use IPv4 addresses for
925 * indexing into tables, accounting, et cetera, it may be necessary to
926 * <b>coerce</b> IPv6 addresses into IPv4 addresses. This function does
927 * so by hashing the upper 64 bits into {@code 224.0.0.0/3}
928 * (64 bits into 29 bits).
929 *
930 * <p>A "coerced" IPv4 address is equivalent to itself.
931 *
932 * <p>NOTE: This function is failsafe for security purposes: ALL IPv6
933 * addresses (except localhost (::1)) are hashed to avoid the security
934 * risk associated with extracting an embedded IPv4 address that might
935 * permit elevated privileges.
936 *
937 * @param ip {@link InetAddress} to "coerce"
938 * @return {@link Inet4Address} represented "coerced" address
939 * @since 7.0
940 */
941 public static Inet4Address getCoercedIPv4Address(InetAddress ip) {
942 if (ip instanceof Inet4Address) {
943 return (Inet4Address) ip;
944 }
945
946 // Special cases:
947 byte[] bytes = ip.getAddress();
948 boolean leadingBytesOfZero = true;
949 for (int i = 0; i < 15; ++i) {
950 if (bytes[i] != 0) {
951 leadingBytesOfZero = false;
952 break;
953 }
954 }
955 if (leadingBytesOfZero && (bytes[15] == 1)) {
956 return LOOPBACK4; // ::1
957 } else if (leadingBytesOfZero && (bytes[15] == 0)) {
958 return ANY4; // ::0
959 }
960
961 Inet6Address ip6 = (Inet6Address) ip;
962 long addressAsLong = 0;
963 if (hasEmbeddedIPv4ClientAddress(ip6)) {
964 addressAsLong = getEmbeddedIPv4ClientAddress(ip6).hashCode();
965 } else {
966
967 // Just extract the high 64 bits (assuming the rest is user-modifiable).
968 addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong();
969 }
970
971 // Many strategies for hashing are possible. This might suffice for now.
972 int coercedHash = hash64To32(addressAsLong);
973
974 // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3).
975 coercedHash |= 0xe0000000;
976
977 // Fixup to avoid some "illegal" values. Currently the only potential
978 // illegal value is 255.255.255.255.
979 if (coercedHash == 0xffffffff) {
980 coercedHash = 0xfffffffe;
981 }
982
983 return getInet4Address(Ints.toByteArray(coercedHash));
984 }
985
986 /**
987 * Returns an {@code int} hash of a 64-bit long.
988 *
989 * This comes from http://www.concentric.net/~ttwang/tech/inthash.htm
990 *
991 * This hash gives no guarantees on the cryptographic suitability nor the
992 * quality of randomness produced, and the mapping may change in the future.
993 *
994 * @param key A 64-bit number to hash
995 * @return {@code int} the input hashed into 32 bits
996 */
997 @VisibleForTesting static int hash64To32(long key) {
998 key = (~key) + (key << 18);
999 key = key ^ (key >>> 31);
1000 key = key * 21;
1001 key = key ^ (key >>> 11);
1002 key = key + (key << 6);
1003 key = key ^ (key >>> 22);
1004 return (int) key;
1005 }
1006
1007 /**
1008 * Returns an integer representing an IPv4 address regardless of
1009 * whether the supplied argument is an IPv4 address or not.
1010 *
1011 * <p>IPv6 addresses are <b>coerced</b> to IPv4 addresses before being
1012 * converted to integers.
1013 *
1014 * <p>As long as there are applications that assume that all IP addresses
1015 * are IPv4 addresses and can therefore be converted safely to integers
1016 * (for whatever purpose) this function can be used to handle IPv6
1017 * addresses as well until the application is suitably fixed.
1018 *
1019 * <p>NOTE: an IPv6 address coerced to an IPv4 address can only be used
1020 * for such purposes as rudimentary identification or indexing into a
1021 * collection of real {@link InetAddress}es. They cannot be used as
1022 * real addresses for the purposes of network communication.
1023 *
1024 * @param ip {@link InetAddress} to convert
1025 * @return {@code int}, "coerced" if ip is not an IPv4 address
1026 * @since 7.0
1027 */
1028 public static int coerceToInteger(InetAddress ip) {
1029 return ByteStreams.newDataInput(getCoercedIPv4Address(ip).getAddress()).readInt();
1030 }
1031
1032 /**
1033 * Returns an Inet4Address having the integer value specified by
1034 * the argument.
1035 *
1036 * @param address {@code int}, the 32bit integer address to be converted
1037 * @return {@link Inet4Address} equivalent of the argument
1038 */
1039 public static Inet4Address fromInteger(int address) {
1040 return getInet4Address(Ints.toByteArray(address));
1041 }
1042
1043 /**
1044 * Returns an address from a <b>little-endian ordered</b> byte array
1045 * (the opposite of what {@link InetAddress#getByAddress} expects).
1046 *
1047 * <p>IPv4 address byte array must be 4 bytes long and IPv6 byte array
1048 * must be 16 bytes long.
1049 *
1050 * @param addr the raw IP address in little-endian byte order
1051 * @return an InetAddress object created from the raw IP address
1052 * @throws UnknownHostException if IP address is of illegal length
1053 */
1054 public static InetAddress fromLittleEndianByteArray(byte[] addr)
1055 throws UnknownHostException {
1056 byte[] reversed = new byte[addr.length];
1057 for (int i = 0; i < addr.length; i++) {
1058 reversed[i] = addr[addr.length - i - 1];
1059 }
1060 return InetAddress.getByAddress(reversed);
1061 }
1062
1063 /**
1064 * Returns a new InetAddress that is one more than the passed in address.
1065 * This method works for both IPv4 and IPv6 addresses.
1066 *
1067 * @param address the InetAddress to increment
1068 * @return a new InetAddress that is one more than the passed in address.
1069 * @throws IllegalArgumentException if InetAddress is at the end of its
1070 * range.
1071 * @since 10.0
1072 */
1073 public static InetAddress increment(InetAddress address) {
1074 byte[] addr = address.getAddress();
1075 int i = addr.length - 1;
1076 while (i >= 0 && addr[i] == (byte) 0xff) {
1077 addr[i] = 0;
1078 i--;
1079 }
1080
1081 Preconditions.checkArgument(
1082 i >= 0, "Incrementing " + address + " would wrap.");
1083
1084 addr[i]++;
1085 try {
1086 return InetAddress.getByAddress(addr);
1087 } catch (UnknownHostException e) {
1088 throw new AssertionError(e);
1089 }
1090 }
1091
1092 /**
1093 * Returns true if the InetAddress is either 255.255.255.255 for IPv4 or
1094 * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.
1095 *
1096 * @return true if the InetAddress is either 255.255.255.255 for IPv4 or
1097 * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.
1098 * @since 10.0
1099 */
1100 public static boolean isMaximum(InetAddress address) {
1101 byte[] addr = address.getAddress();
1102 for (int i = 0; i < addr.length; i++) {
1103 if (addr[i] != (byte) 0xff) {
1104 return false;
1105 }
1106 }
1107 return true;
1108 }
1109
1110 /**
1111 * This method emulates the Java 6 method
1112 * {@code Arrays.copyOfRange(byte, int, int)}, which is not available in
1113 * Java 5, and thus cannot be used in Guava code.
1114 */
1115 private static byte[] copyOfRange(byte[] original, int from, int to) {
1116 Preconditions.checkNotNull(original);
1117
1118 int end = Math.min(to, original.length);
1119 byte[] result = new byte[to - from];
1120
1121 System.arraycopy(original, from, result, 0, end - from);
1122 return result;
1123 }
1124 }