001 /* 002 * Copyright (C) 2008 The Guava Authors 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017 package com.google.common.net; 018 019 import com.google.common.annotations.Beta; 020 import com.google.common.annotations.VisibleForTesting; 021 import com.google.common.base.Preconditions; 022 import com.google.common.io.ByteStreams; 023 import com.google.common.primitives.Ints; 024 025 import java.net.Inet4Address; 026 import java.net.Inet6Address; 027 import java.net.InetAddress; 028 import java.net.UnknownHostException; 029 import java.nio.ByteBuffer; 030 import java.util.Arrays; 031 032 import javax.annotation.Nullable; 033 034 /** 035 * Static utility methods pertaining to {@link InetAddress} instances. 036 * 037 * <p><b>Important note:</b> Unlike {@code InetAddress.getByName()}, the 038 * methods of this class never cause DNS services to be accessed. For 039 * this reason, you should prefer these methods as much as possible over 040 * their JDK equivalents whenever you are expecting to handle only 041 * IP address string literals -- there is no blocking DNS penalty for a 042 * malformed string. 043 * 044 * <p>This class hooks into the {@code sun.net.util.IPAddressUtil} class 045 * to make use of the {@code textToNumericFormatV4} and 046 * {@code textToNumericFormatV6} methods directly as a means to avoid 047 * accidentally traversing all nameservices (it can be vitally important 048 * to avoid, say, blocking on DNS at times). 049 * 050 * <p>When dealing with {@link Inet4Address} and {@link Inet6Address} 051 * objects as byte arrays (vis. {@code InetAddress.getAddress()}) they 052 * are 4 and 16 bytes in length, respectively, and represent the address 053 * in network byte order. 054 * 055 * <p>Examples of IP addresses and their byte representations: 056 * <ul> 057 * <li>The IPv4 loopback address, {@code "127.0.0.1"}.<br/> 058 * {@code 7f 00 00 01} 059 * 060 * <li>The IPv6 loopback address, {@code "::1"}.<br/> 061 * {@code 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01} 062 * 063 * <li>From the IPv6 reserved documentation prefix ({@code 2001:db8::/32}), 064 * {@code "2001:db8::1"}.<br/> 065 * {@code 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01} 066 * 067 * <li>An IPv6 "IPv4 compatible" (or "compat") address, 068 * {@code "::192.168.0.1"}.<br/> 069 * {@code 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 00 01} 070 * 071 * <li>An IPv6 "IPv4 mapped" address, {@code "::ffff:192.168.0.1"}.<br/> 072 * {@code 00 00 00 00 00 00 00 00 00 00 ff ff c0 a8 00 01} 073 * </ul> 074 * 075 * <p>A few notes about IPv6 "IPv4 mapped" addresses and their observed 076 * use in Java. 077 * <br><br> 078 * "IPv4 mapped" addresses were originally a representation of IPv4 079 * addresses for use on an IPv6 socket that could receive both IPv4 080 * and IPv6 connections (by disabling the {@code IPV6_V6ONLY} socket 081 * option on an IPv6 socket). Yes, it's confusing. Nevertheless, 082 * these "mapped" addresses were never supposed to be seen on the 083 * wire. That assumption was dropped, some say mistakenly, in later 084 * RFCs with the apparent aim of making IPv4-to-IPv6 transition simpler. 085 * 086 * <p>Technically one <i>can</i> create a 128bit IPv6 address with the wire 087 * format of a "mapped" address, as shown above, and transmit it in an 088 * IPv6 packet header. However, Java's InetAddress creation methods 089 * appear to adhere doggedly to the original intent of the "mapped" 090 * address: all "mapped" addresses return {@link Inet4Address} objects. 091 * 092 * <p>For added safety, it is common for IPv6 network operators to filter 093 * all packets where either the source or destination address appears to 094 * be a "compat" or "mapped" address. Filtering suggestions usually 095 * recommend discarding any packets with source or destination addresses 096 * in the invalid range {@code ::/3}, which includes both of these bizarre 097 * address formats. For more information on "bogons", including lists 098 * of IPv6 bogon space, see: 099 * 100 * <ul> 101 * <li><a target="_parent" 102 * href="http://en.wikipedia.org/wiki/Bogon_filtering" 103 * >http://en.wikipedia.org/wiki/Bogon_filtering</a> 104 * <li><a target="_parent" 105 * href="http://www.cymru.com/Bogons/ipv6.txt" 106 * >http://www.cymru.com/Bogons/ipv6.txt</a> 107 * <li><a target="_parent" 108 * href="http://www.cymru.com/Bogons/v6bogon.html" 109 * >http://www.cymru.com/Bogons/v6bogon.html</a> 110 * <li><a target="_parent" 111 * href="http://www.space.net/~gert/RIPE/ipv6-filters.html" 112 * >http://www.space.net/~gert/RIPE/ipv6-filters.html</a> 113 * </ul> 114 * 115 * @author Erik Kline 116 * @since 5.0 117 */ 118 @Beta 119 public final class InetAddresses { 120 private static final int IPV4_PART_COUNT = 4; 121 private static final int IPV6_PART_COUNT = 8; 122 private static final Inet4Address LOOPBACK4 = 123 (Inet4Address) forString("127.0.0.1"); 124 private static final Inet4Address ANY4 = 125 (Inet4Address) forString("0.0.0.0"); 126 127 private InetAddresses() {} 128 129 /** 130 * Returns an {@link Inet4Address}, given a byte array representation 131 * of the IPv4 address. 132 * 133 * @param bytes byte array representing an IPv4 address (should be 134 * of length 4). 135 * @return {@link Inet4Address} corresponding to the supplied byte 136 * array. 137 * @throws IllegalArgumentException if a valid {@link Inet4Address} 138 * can not be created. 139 */ 140 private static Inet4Address getInet4Address(byte[] bytes) { 141 Preconditions.checkArgument(bytes.length == 4, 142 "Byte array has invalid length for an IPv4 address: %s != 4.", 143 bytes.length); 144 145 try { 146 InetAddress ipv4 = InetAddress.getByAddress(bytes); 147 if (!(ipv4 instanceof Inet4Address)) { 148 throw new UnknownHostException( 149 String.format("'%s' is not an IPv4 address.", 150 ipv4.getHostAddress())); 151 } 152 153 return (Inet4Address) ipv4; 154 } catch (UnknownHostException e) { 155 156 /* 157 * This really shouldn't happen in practice since all our byte 158 * sequences should be valid IP addresses. 159 * 160 * However {@link InetAddress#getByAddress} is documented as 161 * potentially throwing this "if IP address is of illegal length". 162 * 163 * This is mapped to IllegalArgumentException since, presumably, 164 * the argument triggered some bizarre processing bug. 165 */ 166 throw new IllegalArgumentException( 167 String.format("Host address '%s' is not a valid IPv4 address.", 168 Arrays.toString(bytes)), 169 e); 170 } 171 } 172 173 /** 174 * Returns the {@link InetAddress} having the given string 175 * representation. 176 * 177 * <p>This deliberately avoids all nameservice lookups (e.g. no DNS). 178 * 179 * @param ipString {@code String} containing an IPv4 or IPv6 string literal, 180 * e.g. {@code "192.168.0.1"} or {@code "2001:db8::1"} 181 * @return {@link InetAddress} representing the argument 182 * @throws IllegalArgumentException if the argument is not a valid 183 * IP string literal 184 */ 185 public static InetAddress forString(String ipString) { 186 byte[] addr = ipStringToBytes(ipString); 187 188 // The argument was malformed, i.e. not an IP string literal. 189 if (addr == null) { 190 throw new IllegalArgumentException( 191 String.format("'%s' is not an IP string literal.", ipString)); 192 } 193 194 try { 195 return InetAddress.getByAddress(addr); 196 } catch (UnknownHostException e) { 197 198 /* 199 * This really shouldn't happen in practice since all our byte 200 * sequences should be valid IP addresses. 201 * 202 * However {@link InetAddress#getByAddress} is documented as 203 * potentially throwing this "if IP address is of illegal length". 204 * 205 * This is mapped to IllegalArgumentException since, presumably, 206 * the argument triggered some processing bug in either 207 * {@link IPAddressUtil#textToNumericFormatV4} or 208 * {@link IPAddressUtil#textToNumericFormatV6}. 209 */ 210 throw new IllegalArgumentException( 211 String.format("'%s' is extremely broken.", ipString), e); 212 } 213 } 214 215 /** 216 * Returns {@code true} if the supplied string is a valid IP string 217 * literal, {@code false} otherwise. 218 * 219 * @param ipString {@code String} to evaluated as an IP string literal 220 * @return {@code true} if the argument is a valid IP string literal 221 */ 222 public static boolean isInetAddress(String ipString) { 223 return ipStringToBytes(ipString) != null; 224 } 225 226 private static byte[] ipStringToBytes(String ipString) { 227 // Make a first pass to categorize the characters in this string. 228 boolean hasColon = false; 229 boolean hasDot = false; 230 for (int i = 0; i < ipString.length(); i++) { 231 char c = ipString.charAt(i); 232 if (c == '.') { 233 hasDot = true; 234 } else if (c == ':') { 235 if (hasDot) { 236 return null; // Colons must not appear after dots. 237 } 238 hasColon = true; 239 } else if (Character.digit(c, 16) == -1) { 240 return null; // Everything else must be a decimal or hex digit. 241 } 242 } 243 244 // Now decide which address family to parse. 245 if (hasColon) { 246 if (hasDot) { 247 ipString = convertDottedQuadToHex(ipString); 248 if (ipString == null) { 249 return null; 250 } 251 } 252 return textToNumericFormatV6(ipString); 253 } else if (hasDot) { 254 return textToNumericFormatV4(ipString); 255 } 256 return null; 257 } 258 259 private static byte[] textToNumericFormatV4(String ipString) { 260 String[] address = ipString.split("\\.", IPV4_PART_COUNT + 1); 261 if (address.length != IPV4_PART_COUNT) { 262 return null; 263 } 264 265 byte[] bytes = new byte[IPV4_PART_COUNT]; 266 try { 267 for (int i = 0; i < bytes.length; i++) { 268 bytes[i] = parseOctet(address[i]); 269 } 270 } catch (NumberFormatException ex) { 271 return null; 272 } 273 274 return bytes; 275 } 276 277 private static byte[] textToNumericFormatV6(String ipString) { 278 // An address can have [2..8] colons, and N colons make N+1 parts. 279 String[] parts = ipString.split(":", IPV6_PART_COUNT + 2); 280 if (parts.length < 3 || parts.length > IPV6_PART_COUNT + 1) { 281 return null; 282 } 283 284 // Disregarding the endpoints, find "::" with nothing in between. 285 // This indicates that a run of zeroes has been skipped. 286 int skipIndex = -1; 287 for (int i = 1; i < parts.length - 1; i++) { 288 if (parts[i].length() == 0) { 289 if (skipIndex >= 0) { 290 return null; // Can't have more than one :: 291 } 292 skipIndex = i; 293 } 294 } 295 296 int partsHi; // Number of parts to copy from above/before the "::" 297 int partsLo; // Number of parts to copy from below/after the "::" 298 if (skipIndex >= 0) { 299 // If we found a "::", then check if it also covers the endpoints. 300 partsHi = skipIndex; 301 partsLo = parts.length - skipIndex - 1; 302 if (parts[0].length() == 0 && --partsHi != 0) { 303 return null; // ^: requires ^:: 304 } 305 if (parts[parts.length - 1].length() == 0 && --partsLo != 0) { 306 return null; // :$ requires ::$ 307 } 308 } else { 309 // Otherwise, allocate the entire address to partsHi. The endpoints 310 // could still be empty, but parseHextet() will check for that. 311 partsHi = parts.length; 312 partsLo = 0; 313 } 314 315 // If we found a ::, then we must have skipped at least one part. 316 // Otherwise, we must have exactly the right number of parts. 317 int partsSkipped = IPV6_PART_COUNT - (partsHi + partsLo); 318 if (!(skipIndex >= 0 ? partsSkipped >= 1 : partsSkipped == 0)) { 319 return null; 320 } 321 322 // Now parse the hextets into a byte array. 323 ByteBuffer rawBytes = ByteBuffer.allocate(2 * IPV6_PART_COUNT); 324 try { 325 for (int i = 0; i < partsHi; i++) { 326 rawBytes.putShort(parseHextet(parts[i])); 327 } 328 for (int i = 0; i < partsSkipped; i++) { 329 rawBytes.putShort((short) 0); 330 } 331 for (int i = partsLo; i > 0; i--) { 332 rawBytes.putShort(parseHextet(parts[parts.length - i])); 333 } 334 } catch (NumberFormatException ex) { 335 return null; 336 } 337 return rawBytes.array(); 338 } 339 340 private static String convertDottedQuadToHex(String ipString) { 341 int lastColon = ipString.lastIndexOf(':'); 342 String initialPart = ipString.substring(0, lastColon + 1); 343 String dottedQuad = ipString.substring(lastColon + 1); 344 byte[] quad = textToNumericFormatV4(dottedQuad); 345 if (quad == null) { 346 return null; 347 } 348 String penultimate = Integer.toHexString(((quad[0] & 0xff) << 8) | (quad[1] & 0xff)); 349 String ultimate = Integer.toHexString(((quad[2] & 0xff) << 8) | (quad[3] & 0xff)); 350 return initialPart + penultimate + ":" + ultimate; 351 } 352 353 private static byte parseOctet(String ipPart) { 354 // Note: we already verified that this string contains only hex digits. 355 int octet = Integer.parseInt(ipPart); 356 // Disallow leading zeroes, because no clear standard exists on 357 // whether these should be interpreted as decimal or octal. 358 if (octet > 255 || (ipPart.startsWith("0") && ipPart.length() > 1)) { 359 throw new NumberFormatException(); 360 } 361 return (byte) octet; 362 } 363 364 private static short parseHextet(String ipPart) { 365 // Note: we already verified that this string contains only hex digits. 366 int hextet = Integer.parseInt(ipPart, 16); 367 if (hextet > 0xffff) { 368 throw new NumberFormatException(); 369 } 370 return (short) hextet; 371 } 372 373 /** 374 * Returns the string representation of an {@link InetAddress}. 375 * 376 * <p>For IPv4 addresses, this is identical to 377 * {@link InetAddress#getHostAddress()}, but for IPv6 addresses, the output 378 * follows <a href="http://tools.ietf.org/html/rfc5952">RFC 5952</a> 379 * section 4. The main difference is that this method uses "::" for zero 380 * compression, while Java's version uses the uncompressed form. 381 * 382 * <p>This method uses hexadecimal for all IPv6 addresses, including 383 * IPv4-mapped IPv6 addresses such as "::c000:201". The output does not 384 * include a Scope ID. 385 * 386 * @param ip {@link InetAddress} to be converted to an address string 387 * @return {@code String} containing the text-formatted IP address 388 * @since 10.0 389 */ 390 public static String toAddrString(InetAddress ip) { 391 Preconditions.checkNotNull(ip); 392 if (ip instanceof Inet4Address) { 393 // For IPv4, Java's formatting is good enough. 394 return ip.getHostAddress(); 395 } 396 Preconditions.checkArgument(ip instanceof Inet6Address); 397 byte[] bytes = ip.getAddress(); 398 int[] hextets = new int[IPV6_PART_COUNT]; 399 for (int i = 0; i < hextets.length; i++) { 400 hextets[i] = Ints.fromBytes( 401 (byte) 0, (byte) 0, bytes[2 * i], bytes[2 * i + 1]); 402 } 403 compressLongestRunOfZeroes(hextets); 404 return hextetsToIPv6String(hextets); 405 } 406 407 /** 408 * Identify and mark the longest run of zeroes in an IPv6 address. 409 * 410 * <p>Only runs of two or more hextets are considered. In case of a tie, the 411 * leftmost run wins. If a qualifying run is found, its hextets are replaced 412 * by the sentinel value -1. 413 * 414 * @param hextets {@code int[]} mutable array of eight 16-bit hextets. 415 */ 416 private static void compressLongestRunOfZeroes(int[] hextets) { 417 int bestRunStart = -1; 418 int bestRunLength = -1; 419 int runStart = -1; 420 for (int i = 0; i < hextets.length + 1; i++) { 421 if (i < hextets.length && hextets[i] == 0) { 422 if (runStart < 0) { 423 runStart = i; 424 } 425 } else if (runStart >= 0) { 426 int runLength = i - runStart; 427 if (runLength > bestRunLength) { 428 bestRunStart = runStart; 429 bestRunLength = runLength; 430 } 431 runStart = -1; 432 } 433 } 434 if (bestRunLength >= 2) { 435 Arrays.fill(hextets, bestRunStart, bestRunStart + bestRunLength, -1); 436 } 437 } 438 439 /** 440 * Convert a list of hextets into a human-readable IPv6 address. 441 * 442 * <p>In order for "::" compression to work, the input should contain negative 443 * sentinel values in place of the elided zeroes. 444 * 445 * @param hextets {@code int[]} array of eight 16-bit hextets, or -1s. 446 */ 447 private static String hextetsToIPv6String(int[] hextets) { 448 /* 449 * While scanning the array, handle these state transitions: 450 * start->num => "num" start->gap => "::" 451 * num->num => ":num" num->gap => "::" 452 * gap->num => "num" gap->gap => "" 453 */ 454 StringBuilder buf = new StringBuilder(39); 455 boolean lastWasNumber = false; 456 for (int i = 0; i < hextets.length; i++) { 457 boolean thisIsNumber = hextets[i] >= 0; 458 if (thisIsNumber) { 459 if (lastWasNumber) { 460 buf.append(':'); 461 } 462 buf.append(Integer.toHexString(hextets[i])); 463 } else { 464 if (i == 0 || lastWasNumber) { 465 buf.append("::"); 466 } 467 } 468 lastWasNumber = thisIsNumber; 469 } 470 return buf.toString(); 471 } 472 473 /** 474 * Returns the string representation of an {@link InetAddress} suitable 475 * for inclusion in a URI. 476 * 477 * <p>For IPv4 addresses, this is identical to 478 * {@link InetAddress#getHostAddress()}, but for IPv6 addresses it 479 * compresses zeroes and surrounds the text with square brackets; for example 480 * {@code "[2001:db8::1]"}. 481 * 482 * <p>Per section 3.2.2 of 483 * <a target="_parent" 484 * href="http://tools.ietf.org/html/rfc3986#section-3.2.2" 485 * >http://tools.ietf.org/html/rfc3986</a>, 486 * a URI containing an IPv6 string literal is of the form 487 * {@code "http://[2001:db8::1]:8888/index.html"}. 488 * 489 * <p>Use of either {@link InetAddresses#toAddrString}, 490 * {@link InetAddress#getHostAddress()}, or this method is recommended over 491 * {@link InetAddress#toString()} when an IP address string literal is 492 * desired. This is because {@link InetAddress#toString()} prints the 493 * hostname and the IP address string joined by a "/". 494 * 495 * @param ip {@link InetAddress} to be converted to URI string literal 496 * @return {@code String} containing URI-safe string literal 497 */ 498 public static String toUriString(InetAddress ip) { 499 if (ip instanceof Inet6Address) { 500 return "[" + toAddrString(ip) + "]"; 501 } 502 return toAddrString(ip); 503 } 504 505 /** 506 * Returns an InetAddress representing the literal IPv4 or IPv6 host 507 * portion of a URL, encoded in the format specified by RFC 3986 section 3.2.2. 508 * 509 * <p>This function is similar to {@link InetAddresses#forString(String)}, 510 * however, it requires that IPv6 addresses are surrounded by square brackets. 511 * 512 * <p>This function is the inverse of 513 * {@link InetAddresses#toUriString(java.net.InetAddress)}. 514 * 515 * @param hostAddr A RFC 3986 section 3.2.2 encoded IPv4 or IPv6 address 516 * @return an InetAddress representing the address in {@code hostAddr} 517 * @throws IllegalArgumentException if {@code hostAddr} is not a valid 518 * IPv4 address, or IPv6 address surrounded by square brackets 519 */ 520 public static InetAddress forUriString(String hostAddr) { 521 Preconditions.checkNotNull(hostAddr); 522 Preconditions.checkArgument(hostAddr.length() > 0, "host string is empty"); 523 InetAddress retval = null; 524 525 // IPv4 address? 526 try { 527 retval = forString(hostAddr); 528 if (retval instanceof Inet4Address) { 529 return retval; 530 } 531 } catch (IllegalArgumentException e) { 532 // Not a valid IP address, fall through. 533 } 534 535 // IPv6 address 536 if (!(hostAddr.startsWith("[") && hostAddr.endsWith("]"))) { 537 throw new IllegalArgumentException("Not a valid address: \"" + hostAddr + '"'); 538 } 539 540 retval = forString(hostAddr.substring(1, hostAddr.length() - 1)); 541 if (retval instanceof Inet6Address) { 542 return retval; 543 } 544 545 throw new IllegalArgumentException("Not a valid address: \"" + hostAddr + '"'); 546 } 547 548 /** 549 * Returns {@code true} if the supplied string is a valid URI IP string 550 * literal, {@code false} otherwise. 551 * 552 * @param ipString {@code String} to evaluated as an IP URI host string literal 553 * @return {@code true} if the argument is a valid IP URI host 554 */ 555 public static boolean isUriInetAddress(String ipString) { 556 try { 557 forUriString(ipString); 558 return true; 559 } catch (IllegalArgumentException e) { 560 return false; 561 } 562 } 563 564 /** 565 * Evaluates whether the argument is an IPv6 "compat" address. 566 * 567 * <p>An "IPv4 compatible", or "compat", address is one with 96 leading 568 * bits of zero, with the remaining 32 bits interpreted as an 569 * IPv4 address. These are conventionally represented in string 570 * literals as {@code "::192.168.0.1"}, though {@code "::c0a8:1"} is 571 * also considered an IPv4 compatible address (and equivalent to 572 * {@code "::192.168.0.1"}). 573 * 574 * <p>For more on IPv4 compatible addresses see section 2.5.5.1 of 575 * <a target="_parent" 576 * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.1" 577 * >http://tools.ietf.org/html/rfc4291</a> 578 * 579 * <p>NOTE: This method is different from 580 * {@link Inet6Address#isIPv4CompatibleAddress} in that it more 581 * correctly classifies {@code "::"} and {@code "::1"} as 582 * proper IPv6 addresses (which they are), NOT IPv4 compatible 583 * addresses (which they are generally NOT considered to be). 584 * 585 * @param ip {@link Inet6Address} to be examined for embedded IPv4 586 * compatible address format 587 * @return {@code true} if the argument is a valid "compat" address 588 */ 589 public static boolean isCompatIPv4Address(Inet6Address ip) { 590 if (!ip.isIPv4CompatibleAddress()) { 591 return false; 592 } 593 594 byte[] bytes = ip.getAddress(); 595 if ((bytes[12] == 0) && (bytes[13] == 0) && (bytes[14] == 0) 596 && ((bytes[15] == 0) || (bytes[15] == 1))) { 597 return false; 598 } 599 600 return true; 601 } 602 603 /** 604 * Returns the IPv4 address embedded in an IPv4 compatible address. 605 * 606 * @param ip {@link Inet6Address} to be examined for an embedded 607 * IPv4 address 608 * @return {@link Inet4Address} of the embedded IPv4 address 609 * @throws IllegalArgumentException if the argument is not a valid 610 * IPv4 compatible address 611 */ 612 public static Inet4Address getCompatIPv4Address(Inet6Address ip) { 613 Preconditions.checkArgument(isCompatIPv4Address(ip), 614 "Address '%s' is not IPv4-compatible.", toAddrString(ip)); 615 616 return getInet4Address(copyOfRange(ip.getAddress(), 12, 16)); 617 } 618 619 /** 620 * Evaluates whether the argument is a 6to4 address. 621 * 622 * <p>6to4 addresses begin with the {@code "2002::/16"} prefix. 623 * The next 32 bits are the IPv4 address of the host to which 624 * IPv6-in-IPv4 tunneled packets should be routed. 625 * 626 * <p>For more on 6to4 addresses see section 2 of 627 * <a target="_parent" href="http://tools.ietf.org/html/rfc3056#section-2" 628 * >http://tools.ietf.org/html/rfc3056</a> 629 * 630 * @param ip {@link Inet6Address} to be examined for 6to4 address 631 * format 632 * @return {@code true} if the argument is a 6to4 address 633 */ 634 public static boolean is6to4Address(Inet6Address ip) { 635 byte[] bytes = ip.getAddress(); 636 return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x02); 637 } 638 639 /** 640 * Returns the IPv4 address embedded in a 6to4 address. 641 * 642 * @param ip {@link Inet6Address} to be examined for embedded IPv4 643 * in 6to4 address. 644 * @return {@link Inet4Address} of embedded IPv4 in 6to4 address. 645 * @throws IllegalArgumentException if the argument is not a valid 646 * IPv6 6to4 address. 647 */ 648 public static Inet4Address get6to4IPv4Address(Inet6Address ip) { 649 Preconditions.checkArgument(is6to4Address(ip), 650 "Address '%s' is not a 6to4 address.", toAddrString(ip)); 651 652 return getInet4Address(copyOfRange(ip.getAddress(), 2, 6)); 653 } 654 655 /** 656 * A simple data class to encapsulate the information to be found in a 657 * Teredo address. 658 * 659 * <p>All of the fields in this class are encoded in various portions 660 * of the IPv6 address as part of the protocol. More protocols details 661 * can be found at: 662 * <a target="_parent" href="http://en.wikipedia.org/wiki/Teredo_tunneling" 663 * >http://en.wikipedia.org/wiki/Teredo_tunneling</a>. 664 * 665 * <p>The RFC can be found here: 666 * <a target="_parent" href="http://tools.ietf.org/html/rfc4380" 667 * >http://tools.ietf.org/html/rfc4380</a>. 668 * 669 * @since 5.0 670 */ 671 @Beta 672 public static final class TeredoInfo { 673 private final Inet4Address server; 674 private final Inet4Address client; 675 private final int port; 676 private final int flags; 677 678 /** 679 * Constructs a TeredoInfo instance. 680 * 681 * <p>Both server and client can be {@code null}, in which case the 682 * value {@code "0.0.0.0"} will be assumed. 683 * 684 * @throws IllegalArgumentException if either of the {@code port} 685 * or the {@code flags} arguments are out of range of an 686 * unsigned short 687 */ 688 // TODO: why is this public? 689 public TeredoInfo(@Nullable Inet4Address server, 690 @Nullable Inet4Address client, 691 int port, int flags) { 692 Preconditions.checkArgument((port >= 0) && (port <= 0xffff), 693 "port '%s' is out of range (0 <= port <= 0xffff)", port); 694 Preconditions.checkArgument((flags >= 0) && (flags <= 0xffff), 695 "flags '%s' is out of range (0 <= flags <= 0xffff)", flags); 696 697 if (server != null) { 698 this.server = server; 699 } else { 700 this.server = ANY4; 701 } 702 703 if (client != null) { 704 this.client = client; 705 } else { 706 this.client = ANY4; 707 } 708 709 this.port = port; 710 this.flags = flags; 711 } 712 713 public Inet4Address getServer() { 714 return server; 715 } 716 717 public Inet4Address getClient() { 718 return client; 719 } 720 721 public int getPort() { 722 return port; 723 } 724 725 public int getFlags() { 726 return flags; 727 } 728 } 729 730 /** 731 * Evaluates whether the argument is a Teredo address. 732 * 733 * <p>Teredo addresses begin with the {@code "2001::/32"} prefix. 734 * 735 * @param ip {@link Inet6Address} to be examined for Teredo address 736 * format. 737 * @return {@code true} if the argument is a Teredo address 738 */ 739 public static boolean isTeredoAddress(Inet6Address ip) { 740 byte[] bytes = ip.getAddress(); 741 return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x01) 742 && (bytes[2] == 0) && (bytes[3] == 0); 743 } 744 745 /** 746 * Returns the Teredo information embedded in a Teredo address. 747 * 748 * @param ip {@link Inet6Address} to be examined for embedded Teredo 749 * information 750 * @return extracted {@code TeredoInfo} 751 * @throws IllegalArgumentException if the argument is not a valid 752 * IPv6 Teredo address 753 */ 754 public static TeredoInfo getTeredoInfo(Inet6Address ip) { 755 Preconditions.checkArgument(isTeredoAddress(ip), 756 "Address '%s' is not a Teredo address.", toAddrString(ip)); 757 758 byte[] bytes = ip.getAddress(); 759 Inet4Address server = getInet4Address(copyOfRange(bytes, 4, 8)); 760 761 int flags = ByteStreams.newDataInput(bytes, 8).readShort() & 0xffff; 762 763 // Teredo obfuscates the mapped client port, per section 4 of the RFC. 764 int port = ~ByteStreams.newDataInput(bytes, 10).readShort() & 0xffff; 765 766 byte[] clientBytes = copyOfRange(bytes, 12, 16); 767 for (int i = 0; i < clientBytes.length; i++) { 768 // Teredo obfuscates the mapped client IP, per section 4 of the RFC. 769 clientBytes[i] = (byte) ~clientBytes[i]; 770 } 771 Inet4Address client = getInet4Address(clientBytes); 772 773 return new TeredoInfo(server, client, port, flags); 774 } 775 776 /** 777 * Evaluates whether the argument is an ISATAP address. 778 * 779 * <p>From RFC 5214: "ISATAP interface identifiers are constructed in 780 * Modified EUI-64 format [...] by concatenating the 24-bit IANA OUI 781 * (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit IPv4 782 * address in network byte order [...]" 783 * 784 * <p>For more on ISATAP addresses see section 6.1 of 785 * <a target="_parent" href="http://tools.ietf.org/html/rfc5214#section-6.1" 786 * >http://tools.ietf.org/html/rfc5214</a> 787 * 788 * @param ip {@link Inet6Address} to be examined for ISATAP address 789 * format. 790 * @return {@code true} if the argument is an ISATAP address 791 */ 792 public static boolean isIsatapAddress(Inet6Address ip) { 793 794 // If it's a Teredo address with the right port (41217, or 0xa101) 795 // which would be encoded as 0x5efe then it can't be an ISATAP address. 796 if (isTeredoAddress(ip)) { 797 return false; 798 } 799 800 byte[] bytes = ip.getAddress(); 801 802 if ((bytes[8] | (byte) 0x03) != (byte) 0x03) { 803 804 // Verify that high byte of the 64 bit identifier is zero, modulo 805 // the U/L and G bits, with which we are not concerned. 806 return false; 807 } 808 809 return (bytes[9] == (byte) 0x00) && (bytes[10] == (byte) 0x5e) 810 && (bytes[11] == (byte) 0xfe); 811 } 812 813 /** 814 * Returns the IPv4 address embedded in an ISATAP address. 815 * 816 * @param ip {@link Inet6Address} to be examined for embedded IPv4 817 * in ISATAP address 818 * @return {@link Inet4Address} of embedded IPv4 in an ISATAP address 819 * @throws IllegalArgumentException if the argument is not a valid 820 * IPv6 ISATAP address 821 */ 822 public static Inet4Address getIsatapIPv4Address(Inet6Address ip) { 823 Preconditions.checkArgument(isIsatapAddress(ip), 824 "Address '%s' is not an ISATAP address.", toAddrString(ip)); 825 826 return getInet4Address(copyOfRange(ip.getAddress(), 12, 16)); 827 } 828 829 /** 830 * Examines the Inet6Address to determine if it is an IPv6 address of one 831 * of the specified address types that contain an embedded IPv4 address. 832 * 833 * <p>NOTE: ISATAP addresses are explicitly excluded from this method 834 * due to their trivial spoofability. With other transition addresses 835 * spoofing involves (at least) infection of one's BGP routing table. 836 * 837 * @param ip {@link Inet6Address} to be examined for embedded IPv4 838 * client address. 839 * @return {@code true} if there is an embedded IPv4 client address. 840 * @since 7.0 841 */ 842 public static boolean hasEmbeddedIPv4ClientAddress(Inet6Address ip) { 843 return isCompatIPv4Address(ip) || is6to4Address(ip) || 844 isTeredoAddress(ip); 845 } 846 847 /** 848 * Examines the Inet6Address to extract the embedded IPv4 client address 849 * if the InetAddress is an IPv6 address of one of the specified address 850 * types that contain an embedded IPv4 address. 851 * 852 * <p>NOTE: ISATAP addresses are explicitly excluded from this method 853 * due to their trivial spoofability. With other transition addresses 854 * spoofing involves (at least) infection of one's BGP routing table. 855 * 856 * @param ip {@link Inet6Address} to be examined for embedded IPv4 857 * client address. 858 * @return {@link Inet4Address} of embedded IPv4 client address. 859 * @throws IllegalArgumentException if the argument does not have a valid 860 * embedded IPv4 address. 861 */ 862 public static Inet4Address getEmbeddedIPv4ClientAddress(Inet6Address ip) { 863 if (isCompatIPv4Address(ip)) { 864 return getCompatIPv4Address(ip); 865 } 866 867 if (is6to4Address(ip)) { 868 return get6to4IPv4Address(ip); 869 } 870 871 if (isTeredoAddress(ip)) { 872 return getTeredoInfo(ip).getClient(); 873 } 874 875 throw new IllegalArgumentException( 876 String.format("'%s' has no embedded IPv4 address.", 877 toAddrString(ip))); 878 } 879 880 /** 881 * Evaluates whether the argument is an "IPv4 mapped" IPv6 address. 882 * 883 * <p>An "IPv4 mapped" address is anything in the range ::ffff:0:0/96 884 * (sometimes written as ::ffff:0.0.0.0/96), with the last 32 bits 885 * interpreted as an IPv4 address. 886 * 887 * <p>For more on IPv4 mapped addresses see section 2.5.5.2 of 888 * <a target="_parent" 889 * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.2" 890 * >http://tools.ietf.org/html/rfc4291</a> 891 * 892 * <p>Note: This method takes a {@code String} argument because 893 * {@link InetAddress} automatically collapses mapped addresses to IPv4. 894 * (It is actually possible to avoid this using one of the obscure 895 * {@link Inet6Address} methods, but it would be unwise to depend on such 896 * a poorly-documented feature.) 897 * 898 * @param ipString {@code String} to be examined for embedded IPv4-mapped 899 * IPv6 address format 900 * @return {@code true} if the argument is a valid "mapped" address 901 * @since 10.0 902 */ 903 public static boolean isMappedIPv4Address(String ipString) { 904 byte[] bytes = ipStringToBytes(ipString); 905 if (bytes != null && bytes.length == 16) { 906 for (int i = 0; i < 10; i++) { 907 if (bytes[i] != 0) { 908 return false; 909 } 910 } 911 for (int i = 10; i < 12; i++) { 912 if (bytes[i] != (byte) 0xff) { 913 return false; 914 } 915 } 916 return true; 917 } 918 return false; 919 } 920 921 /** 922 * Coerces an IPv6 address into an IPv4 address. 923 * 924 * <p>HACK: As long as applications continue to use IPv4 addresses for 925 * indexing into tables, accounting, et cetera, it may be necessary to 926 * <b>coerce</b> IPv6 addresses into IPv4 addresses. This function does 927 * so by hashing the upper 64 bits into {@code 224.0.0.0/3} 928 * (64 bits into 29 bits). 929 * 930 * <p>A "coerced" IPv4 address is equivalent to itself. 931 * 932 * <p>NOTE: This function is failsafe for security purposes: ALL IPv6 933 * addresses (except localhost (::1)) are hashed to avoid the security 934 * risk associated with extracting an embedded IPv4 address that might 935 * permit elevated privileges. 936 * 937 * @param ip {@link InetAddress} to "coerce" 938 * @return {@link Inet4Address} represented "coerced" address 939 * @since 7.0 940 */ 941 public static Inet4Address getCoercedIPv4Address(InetAddress ip) { 942 if (ip instanceof Inet4Address) { 943 return (Inet4Address) ip; 944 } 945 946 // Special cases: 947 byte[] bytes = ip.getAddress(); 948 boolean leadingBytesOfZero = true; 949 for (int i = 0; i < 15; ++i) { 950 if (bytes[i] != 0) { 951 leadingBytesOfZero = false; 952 break; 953 } 954 } 955 if (leadingBytesOfZero && (bytes[15] == 1)) { 956 return LOOPBACK4; // ::1 957 } else if (leadingBytesOfZero && (bytes[15] == 0)) { 958 return ANY4; // ::0 959 } 960 961 Inet6Address ip6 = (Inet6Address) ip; 962 long addressAsLong = 0; 963 if (hasEmbeddedIPv4ClientAddress(ip6)) { 964 addressAsLong = getEmbeddedIPv4ClientAddress(ip6).hashCode(); 965 } else { 966 967 // Just extract the high 64 bits (assuming the rest is user-modifiable). 968 addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong(); 969 } 970 971 // Many strategies for hashing are possible. This might suffice for now. 972 int coercedHash = hash64To32(addressAsLong); 973 974 // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3). 975 coercedHash |= 0xe0000000; 976 977 // Fixup to avoid some "illegal" values. Currently the only potential 978 // illegal value is 255.255.255.255. 979 if (coercedHash == 0xffffffff) { 980 coercedHash = 0xfffffffe; 981 } 982 983 return getInet4Address(Ints.toByteArray(coercedHash)); 984 } 985 986 /** 987 * Returns an {@code int} hash of a 64-bit long. 988 * 989 * This comes from http://www.concentric.net/~ttwang/tech/inthash.htm 990 * 991 * This hash gives no guarantees on the cryptographic suitability nor the 992 * quality of randomness produced, and the mapping may change in the future. 993 * 994 * @param key A 64-bit number to hash 995 * @return {@code int} the input hashed into 32 bits 996 */ 997 @VisibleForTesting static int hash64To32(long key) { 998 key = (~key) + (key << 18); 999 key = key ^ (key >>> 31); 1000 key = key * 21; 1001 key = key ^ (key >>> 11); 1002 key = key + (key << 6); 1003 key = key ^ (key >>> 22); 1004 return (int) key; 1005 } 1006 1007 /** 1008 * Returns an integer representing an IPv4 address regardless of 1009 * whether the supplied argument is an IPv4 address or not. 1010 * 1011 * <p>IPv6 addresses are <b>coerced</b> to IPv4 addresses before being 1012 * converted to integers. 1013 * 1014 * <p>As long as there are applications that assume that all IP addresses 1015 * are IPv4 addresses and can therefore be converted safely to integers 1016 * (for whatever purpose) this function can be used to handle IPv6 1017 * addresses as well until the application is suitably fixed. 1018 * 1019 * <p>NOTE: an IPv6 address coerced to an IPv4 address can only be used 1020 * for such purposes as rudimentary identification or indexing into a 1021 * collection of real {@link InetAddress}es. They cannot be used as 1022 * real addresses for the purposes of network communication. 1023 * 1024 * @param ip {@link InetAddress} to convert 1025 * @return {@code int}, "coerced" if ip is not an IPv4 address 1026 * @since 7.0 1027 */ 1028 public static int coerceToInteger(InetAddress ip) { 1029 return ByteStreams.newDataInput(getCoercedIPv4Address(ip).getAddress()).readInt(); 1030 } 1031 1032 /** 1033 * Returns an Inet4Address having the integer value specified by 1034 * the argument. 1035 * 1036 * @param address {@code int}, the 32bit integer address to be converted 1037 * @return {@link Inet4Address} equivalent of the argument 1038 */ 1039 public static Inet4Address fromInteger(int address) { 1040 return getInet4Address(Ints.toByteArray(address)); 1041 } 1042 1043 /** 1044 * Returns an address from a <b>little-endian ordered</b> byte array 1045 * (the opposite of what {@link InetAddress#getByAddress} expects). 1046 * 1047 * <p>IPv4 address byte array must be 4 bytes long and IPv6 byte array 1048 * must be 16 bytes long. 1049 * 1050 * @param addr the raw IP address in little-endian byte order 1051 * @return an InetAddress object created from the raw IP address 1052 * @throws UnknownHostException if IP address is of illegal length 1053 */ 1054 public static InetAddress fromLittleEndianByteArray(byte[] addr) 1055 throws UnknownHostException { 1056 byte[] reversed = new byte[addr.length]; 1057 for (int i = 0; i < addr.length; i++) { 1058 reversed[i] = addr[addr.length - i - 1]; 1059 } 1060 return InetAddress.getByAddress(reversed); 1061 } 1062 1063 /** 1064 * Returns a new InetAddress that is one more than the passed in address. 1065 * This method works for both IPv4 and IPv6 addresses. 1066 * 1067 * @param address the InetAddress to increment 1068 * @return a new InetAddress that is one more than the passed in address. 1069 * @throws IllegalArgumentException if InetAddress is at the end of its 1070 * range. 1071 * @since 10.0 1072 */ 1073 public static InetAddress increment(InetAddress address) { 1074 byte[] addr = address.getAddress(); 1075 int i = addr.length - 1; 1076 while (i >= 0 && addr[i] == (byte) 0xff) { 1077 addr[i] = 0; 1078 i--; 1079 } 1080 1081 Preconditions.checkArgument(i >= 0, "Incrementing %s would wrap.", address); 1082 1083 addr[i]++; 1084 try { 1085 return InetAddress.getByAddress(addr); 1086 } catch (UnknownHostException e) { 1087 throw new AssertionError(e); 1088 } 1089 } 1090 1091 /** 1092 * Returns true if the InetAddress is either 255.255.255.255 for IPv4 or 1093 * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6. 1094 * 1095 * @return true if the InetAddress is either 255.255.255.255 for IPv4 or 1096 * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6. 1097 * @since 10.0 1098 */ 1099 public static boolean isMaximum(InetAddress address) { 1100 byte[] addr = address.getAddress(); 1101 for (int i = 0; i < addr.length; i++) { 1102 if (addr[i] != (byte) 0xff) { 1103 return false; 1104 } 1105 } 1106 return true; 1107 } 1108 1109 /** 1110 * This method emulates the Java 6 method 1111 * {@code Arrays.copyOfRange(byte, int, int)}, which is not available in 1112 * Java 5, and thus cannot be used in Guava code. 1113 */ 1114 private static byte[] copyOfRange(byte[] original, int from, int to) { 1115 Preconditions.checkNotNull(original); 1116 1117 int end = Math.min(to, original.length); 1118 byte[] result = new byte[to - from]; 1119 1120 System.arraycopy(original, from, result, 0, end - from); 1121 return result; 1122 } 1123 }