001/* 002 * Copyright (C) 2008 The Guava Authors 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 005 * in compliance with the License. You may obtain a copy of the License at 006 * 007 * http://www.apache.org/licenses/LICENSE-2.0 008 * 009 * Unless required by applicable law or agreed to in writing, software distributed under the License 010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 011 * or implied. See the License for the specific language governing permissions and limitations under 012 * the License. 013 */ 014 015package com.google.common.net; 016 017import static com.google.common.base.Preconditions.checkArgument; 018import static com.google.common.base.Preconditions.checkNotNull; 019 020import com.google.common.annotations.Beta; 021import com.google.common.annotations.GwtIncompatible; 022import com.google.common.base.MoreObjects; 023import com.google.common.base.Splitter; 024import com.google.common.collect.Iterables; 025import com.google.common.hash.Hashing; 026import com.google.common.io.ByteStreams; 027import com.google.common.primitives.Ints; 028import java.net.Inet4Address; 029import java.net.Inet6Address; 030import java.net.InetAddress; 031import java.net.UnknownHostException; 032import java.nio.ByteBuffer; 033import java.util.Arrays; 034import java.util.List; 035import java.util.Locale; 036import org.checkerframework.checker.nullness.qual.Nullable; 037 038/** 039 * Static utility methods pertaining to {@link InetAddress} instances. 040 * 041 * <p><b>Important note:</b> Unlike {@code InetAddress.getByName()}, the methods of this class never 042 * cause DNS services to be accessed. For this reason, you should prefer these methods as much as 043 * possible over their JDK equivalents whenever you are expecting to handle only IP address string 044 * literals -- there is no blocking DNS penalty for a malformed string. 045 * 046 * <p>When dealing with {@link Inet4Address} and {@link Inet6Address} objects as byte arrays (vis. 047 * {@code InetAddress.getAddress()}) they are 4 and 16 bytes in length, respectively, and represent 048 * the address in network byte order. 049 * 050 * <p>Examples of IP addresses and their byte representations: 051 * 052 * <dl> 053 * <dt>The IPv4 loopback address, {@code "127.0.0.1"}. 054 * <dd>{@code 7f 00 00 01} 055 * <dt>The IPv6 loopback address, {@code "::1"}. 056 * <dd>{@code 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01} 057 * <dt>From the IPv6 reserved documentation prefix ({@code 2001:db8::/32}), {@code "2001:db8::1"}. 058 * <dd>{@code 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01} 059 * <dt>An IPv6 "IPv4 compatible" (or "compat") address, {@code "::192.168.0.1"}. 060 * <dd>{@code 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 00 01} 061 * <dt>An IPv6 "IPv4 mapped" address, {@code "::ffff:192.168.0.1"}. 062 * <dd>{@code 00 00 00 00 00 00 00 00 00 00 ff ff c0 a8 00 01} 063 * </dl> 064 * 065 * <p>A few notes about IPv6 "IPv4 mapped" addresses and their observed use in Java. 066 * 067 * <p>"IPv4 mapped" addresses were originally a representation of IPv4 addresses for use on an IPv6 068 * socket that could receive both IPv4 and IPv6 connections (by disabling the {@code IPV6_V6ONLY} 069 * socket option on an IPv6 socket). Yes, it's confusing. Nevertheless, these "mapped" addresses 070 * were never supposed to be seen on the wire. That assumption was dropped, some say mistakenly, in 071 * later RFCs with the apparent aim of making IPv4-to-IPv6 transition simpler. 072 * 073 * <p>Technically one <i>can</i> create a 128bit IPv6 address with the wire format of a "mapped" 074 * address, as shown above, and transmit it in an IPv6 packet header. However, Java's InetAddress 075 * creation methods appear to adhere doggedly to the original intent of the "mapped" address: all 076 * "mapped" addresses return {@link Inet4Address} objects. 077 * 078 * <p>For added safety, it is common for IPv6 network operators to filter all packets where either 079 * the source or destination address appears to be a "compat" or "mapped" address. Filtering 080 * suggestions usually recommend discarding any packets with source or destination addresses in the 081 * invalid range {@code ::/3}, which includes both of these bizarre address formats. For more 082 * information on "bogons", including lists of IPv6 bogon space, see: 083 * 084 * <ul> 085 * <li><a target="_parent" 086 * href="http://en.wikipedia.org/wiki/Bogon_filtering">http://en.wikipedia. 087 * org/wiki/Bogon_filtering</a> 088 * <li><a target="_parent" 089 * href="http://www.cymru.com/Bogons/ipv6.txt">http://www.cymru.com/Bogons/ ipv6.txt</a> 090 * <li><a target="_parent" href="http://www.cymru.com/Bogons/v6bogon.html">http://www.cymru.com/ 091 * Bogons/v6bogon.html</a> 092 * <li><a target="_parent" href="http://www.space.net/~gert/RIPE/ipv6-filters.html">http://www. 093 * space.net/~gert/RIPE/ipv6-filters.html</a> 094 * </ul> 095 * 096 * @author Erik Kline 097 * @since 5.0 098 */ 099@Beta 100@GwtIncompatible 101public final class InetAddresses { 102 private static final int IPV4_PART_COUNT = 4; 103 private static final int IPV6_PART_COUNT = 8; 104 private static final Splitter IPV4_SPLITTER = Splitter.on('.').limit(IPV4_PART_COUNT); 105 private static final Splitter IPV6_SPLITTER = Splitter.on(':').limit(IPV6_PART_COUNT + 2); 106 private static final Inet4Address LOOPBACK4 = (Inet4Address) forString("127.0.0.1"); 107 private static final Inet4Address ANY4 = (Inet4Address) forString("0.0.0.0"); 108 109 private InetAddresses() {} 110 111 /** 112 * Returns an {@link Inet4Address}, given a byte array representation of the IPv4 address. 113 * 114 * @param bytes byte array representing an IPv4 address (should be of length 4) 115 * @return {@link Inet4Address} corresponding to the supplied byte array 116 * @throws IllegalArgumentException if a valid {@link Inet4Address} can not be created 117 */ 118 private static Inet4Address getInet4Address(byte[] bytes) { 119 checkArgument( 120 bytes.length == 4, 121 "Byte array has invalid length for an IPv4 address: %s != 4.", 122 bytes.length); 123 124 // Given a 4-byte array, this cast should always succeed. 125 return (Inet4Address) bytesToInetAddress(bytes); 126 } 127 128 /** 129 * Returns the {@link InetAddress} having the given string representation. 130 * 131 * <p>This deliberately avoids all nameservice lookups (e.g. no DNS). 132 * 133 * @param ipString {@code String} containing an IPv4 or IPv6 string literal, e.g. {@code 134 * "192.168.0.1"} or {@code "2001:db8::1"} 135 * @return {@link InetAddress} representing the argument 136 * @throws IllegalArgumentException if the argument is not a valid IP string literal 137 */ 138 public static InetAddress forString(String ipString) { 139 byte[] addr = ipStringToBytes(ipString); 140 141 // The argument was malformed, i.e. not an IP string literal. 142 if (addr == null) { 143 throw formatIllegalArgumentException("'%s' is not an IP string literal.", ipString); 144 } 145 146 return bytesToInetAddress(addr); 147 } 148 149 /** 150 * Returns {@code true} if the supplied string is a valid IP string literal, {@code false} 151 * otherwise. 152 * 153 * @param ipString {@code String} to evaluated as an IP string literal 154 * @return {@code true} if the argument is a valid IP string literal 155 */ 156 public static boolean isInetAddress(String ipString) { 157 return ipStringToBytes(ipString) != null; 158 } 159 160 private static byte @Nullable [] ipStringToBytes(String ipString) { 161 // Make a first pass to categorize the characters in this string. 162 boolean hasColon = false; 163 boolean hasDot = false; 164 for (int i = 0; i < ipString.length(); i++) { 165 char c = ipString.charAt(i); 166 if (c == '.') { 167 hasDot = true; 168 } else if (c == ':') { 169 if (hasDot) { 170 return null; // Colons must not appear after dots. 171 } 172 hasColon = true; 173 } else if (Character.digit(c, 16) == -1) { 174 return null; // Everything else must be a decimal or hex digit. 175 } 176 } 177 178 // Now decide which address family to parse. 179 if (hasColon) { 180 if (hasDot) { 181 ipString = convertDottedQuadToHex(ipString); 182 if (ipString == null) { 183 return null; 184 } 185 } 186 return textToNumericFormatV6(ipString); 187 } else if (hasDot) { 188 return textToNumericFormatV4(ipString); 189 } 190 return null; 191 } 192 193 private static byte @Nullable [] textToNumericFormatV4(String ipString) { 194 byte[] bytes = new byte[IPV4_PART_COUNT]; 195 int i = 0; 196 try { 197 for (String octet : IPV4_SPLITTER.split(ipString)) { 198 bytes[i++] = parseOctet(octet); 199 } 200 } catch (NumberFormatException ex) { 201 return null; 202 } 203 204 return i == IPV4_PART_COUNT ? bytes : null; 205 } 206 207 private static byte @Nullable [] textToNumericFormatV6(String ipString) { 208 // An address can have [2..8] colons, and N colons make N+1 parts. 209 List<String> parts = IPV6_SPLITTER.splitToList(ipString); 210 if (parts.size() < 3 || parts.size() > IPV6_PART_COUNT + 1) { 211 return null; 212 } 213 214 // Disregarding the endpoints, find "::" with nothing in between. 215 // This indicates that a run of zeroes has been skipped. 216 int skipIndex = -1; 217 for (int i = 1; i < parts.size() - 1; i++) { 218 if (parts.get(i).length() == 0) { 219 if (skipIndex >= 0) { 220 return null; // Can't have more than one :: 221 } 222 skipIndex = i; 223 } 224 } 225 226 int partsHi; // Number of parts to copy from above/before the "::" 227 int partsLo; // Number of parts to copy from below/after the "::" 228 if (skipIndex >= 0) { 229 // If we found a "::", then check if it also covers the endpoints. 230 partsHi = skipIndex; 231 partsLo = parts.size() - skipIndex - 1; 232 if (parts.get(0).length() == 0 && --partsHi != 0) { 233 return null; // ^: requires ^:: 234 } 235 if (Iterables.getLast(parts).length() == 0 && --partsLo != 0) { 236 return null; // :$ requires ::$ 237 } 238 } else { 239 // Otherwise, allocate the entire address to partsHi. The endpoints 240 // could still be empty, but parseHextet() will check for that. 241 partsHi = parts.size(); 242 partsLo = 0; 243 } 244 245 // If we found a ::, then we must have skipped at least one part. 246 // Otherwise, we must have exactly the right number of parts. 247 int partsSkipped = IPV6_PART_COUNT - (partsHi + partsLo); 248 if (!(skipIndex >= 0 ? partsSkipped >= 1 : partsSkipped == 0)) { 249 return null; 250 } 251 252 // Now parse the hextets into a byte array. 253 ByteBuffer rawBytes = ByteBuffer.allocate(2 * IPV6_PART_COUNT); 254 try { 255 for (int i = 0; i < partsHi; i++) { 256 rawBytes.putShort(parseHextet(parts.get(i))); 257 } 258 for (int i = 0; i < partsSkipped; i++) { 259 rawBytes.putShort((short) 0); 260 } 261 for (int i = partsLo; i > 0; i--) { 262 rawBytes.putShort(parseHextet(parts.get(parts.size() - i))); 263 } 264 } catch (NumberFormatException ex) { 265 return null; 266 } 267 return rawBytes.array(); 268 } 269 270 private static @Nullable String convertDottedQuadToHex(String ipString) { 271 int lastColon = ipString.lastIndexOf(':'); 272 String initialPart = ipString.substring(0, lastColon + 1); 273 String dottedQuad = ipString.substring(lastColon + 1); 274 byte[] quad = textToNumericFormatV4(dottedQuad); 275 if (quad == null) { 276 return null; 277 } 278 String penultimate = Integer.toHexString(((quad[0] & 0xff) << 8) | (quad[1] & 0xff)); 279 String ultimate = Integer.toHexString(((quad[2] & 0xff) << 8) | (quad[3] & 0xff)); 280 return initialPart + penultimate + ":" + ultimate; 281 } 282 283 private static byte parseOctet(String ipPart) { 284 // Note: we already verified that this string contains only hex digits. 285 int octet = Integer.parseInt(ipPart); 286 // Disallow leading zeroes, because no clear standard exists on 287 // whether these should be interpreted as decimal or octal. 288 if (octet > 255 || (ipPart.startsWith("0") && ipPart.length() > 1)) { 289 throw new NumberFormatException(); 290 } 291 return (byte) octet; 292 } 293 294 private static short parseHextet(String ipPart) { 295 // Note: we already verified that this string contains only hex digits. 296 int hextet = Integer.parseInt(ipPart, 16); 297 if (hextet > 0xffff) { 298 throw new NumberFormatException(); 299 } 300 return (short) hextet; 301 } 302 303 /** 304 * Convert a byte array into an InetAddress. 305 * 306 * <p>{@link InetAddress#getByAddress} is documented as throwing a checked exception "if IP 307 * address is of illegal length." We replace it with an unchecked exception, for use by callers 308 * who already know that addr is an array of length 4 or 16. 309 * 310 * @param addr the raw 4-byte or 16-byte IP address in big-endian order 311 * @return an InetAddress object created from the raw IP address 312 */ 313 private static InetAddress bytesToInetAddress(byte[] addr) { 314 try { 315 return InetAddress.getByAddress(addr); 316 } catch (UnknownHostException e) { 317 throw new AssertionError(e); 318 } 319 } 320 321 /** 322 * Returns the string representation of an {@link InetAddress}. 323 * 324 * <p>For IPv4 addresses, this is identical to {@link InetAddress#getHostAddress()}, but for IPv6 325 * addresses, the output follows <a href="http://tools.ietf.org/html/rfc5952">RFC 5952</a> section 326 * 4. The main difference is that this method uses "::" for zero compression, while Java's version 327 * uses the uncompressed form. 328 * 329 * <p>This method uses hexadecimal for all IPv6 addresses, including IPv4-mapped IPv6 addresses 330 * such as "::c000:201". The output does not include a Scope ID. 331 * 332 * @param ip {@link InetAddress} to be converted to an address string 333 * @return {@code String} containing the text-formatted IP address 334 * @since 10.0 335 */ 336 public static String toAddrString(InetAddress ip) { 337 checkNotNull(ip); 338 if (ip instanceof Inet4Address) { 339 // For IPv4, Java's formatting is good enough. 340 return ip.getHostAddress(); 341 } 342 checkArgument(ip instanceof Inet6Address); 343 byte[] bytes = ip.getAddress(); 344 int[] hextets = new int[IPV6_PART_COUNT]; 345 for (int i = 0; i < hextets.length; i++) { 346 hextets[i] = Ints.fromBytes((byte) 0, (byte) 0, bytes[2 * i], bytes[2 * i + 1]); 347 } 348 compressLongestRunOfZeroes(hextets); 349 return hextetsToIPv6String(hextets); 350 } 351 352 /** 353 * Identify and mark the longest run of zeroes in an IPv6 address. 354 * 355 * <p>Only runs of two or more hextets are considered. In case of a tie, the leftmost run wins. If 356 * a qualifying run is found, its hextets are replaced by the sentinel value -1. 357 * 358 * @param hextets {@code int[]} mutable array of eight 16-bit hextets 359 */ 360 private static void compressLongestRunOfZeroes(int[] hextets) { 361 int bestRunStart = -1; 362 int bestRunLength = -1; 363 int runStart = -1; 364 for (int i = 0; i < hextets.length + 1; i++) { 365 if (i < hextets.length && hextets[i] == 0) { 366 if (runStart < 0) { 367 runStart = i; 368 } 369 } else if (runStart >= 0) { 370 int runLength = i - runStart; 371 if (runLength > bestRunLength) { 372 bestRunStart = runStart; 373 bestRunLength = runLength; 374 } 375 runStart = -1; 376 } 377 } 378 if (bestRunLength >= 2) { 379 Arrays.fill(hextets, bestRunStart, bestRunStart + bestRunLength, -1); 380 } 381 } 382 383 /** 384 * Convert a list of hextets into a human-readable IPv6 address. 385 * 386 * <p>In order for "::" compression to work, the input should contain negative sentinel values in 387 * place of the elided zeroes. 388 * 389 * @param hextets {@code int[]} array of eight 16-bit hextets, or -1s 390 */ 391 private static String hextetsToIPv6String(int[] hextets) { 392 // While scanning the array, handle these state transitions: 393 // start->num => "num" start->gap => "::" 394 // num->num => ":num" num->gap => "::" 395 // gap->num => "num" gap->gap => "" 396 StringBuilder buf = new StringBuilder(39); 397 boolean lastWasNumber = false; 398 for (int i = 0; i < hextets.length; i++) { 399 boolean thisIsNumber = hextets[i] >= 0; 400 if (thisIsNumber) { 401 if (lastWasNumber) { 402 buf.append(':'); 403 } 404 buf.append(Integer.toHexString(hextets[i])); 405 } else { 406 if (i == 0 || lastWasNumber) { 407 buf.append("::"); 408 } 409 } 410 lastWasNumber = thisIsNumber; 411 } 412 return buf.toString(); 413 } 414 415 /** 416 * Returns the string representation of an {@link InetAddress} suitable for inclusion in a URI. 417 * 418 * <p>For IPv4 addresses, this is identical to {@link InetAddress#getHostAddress()}, but for IPv6 419 * addresses it compresses zeroes and surrounds the text with square brackets; for example {@code 420 * "[2001:db8::1]"}. 421 * 422 * <p>Per section 3.2.2 of <a target="_parent" 423 * href="http://tools.ietf.org/html/rfc3986#section-3.2.2">RFC 3986</a>, a URI containing an IPv6 424 * string literal is of the form {@code "http://[2001:db8::1]:8888/index.html"}. 425 * 426 * <p>Use of either {@link InetAddresses#toAddrString}, {@link InetAddress#getHostAddress()}, or 427 * this method is recommended over {@link InetAddress#toString()} when an IP address string 428 * literal is desired. This is because {@link InetAddress#toString()} prints the hostname and the 429 * IP address string joined by a "/". 430 * 431 * @param ip {@link InetAddress} to be converted to URI string literal 432 * @return {@code String} containing URI-safe string literal 433 */ 434 public static String toUriString(InetAddress ip) { 435 if (ip instanceof Inet6Address) { 436 return "[" + toAddrString(ip) + "]"; 437 } 438 return toAddrString(ip); 439 } 440 441 /** 442 * Returns an InetAddress representing the literal IPv4 or IPv6 host portion of a URL, encoded in 443 * the format specified by RFC 3986 section 3.2.2. 444 * 445 * <p>This function is similar to {@link InetAddresses#forString(String)}, however, it requires 446 * that IPv6 addresses are surrounded by square brackets. 447 * 448 * <p>This function is the inverse of {@link InetAddresses#toUriString(java.net.InetAddress)}. 449 * 450 * @param hostAddr A RFC 3986 section 3.2.2 encoded IPv4 or IPv6 address 451 * @return an InetAddress representing the address in {@code hostAddr} 452 * @throws IllegalArgumentException if {@code hostAddr} is not a valid IPv4 address, or IPv6 453 * address surrounded by square brackets 454 */ 455 public static InetAddress forUriString(String hostAddr) { 456 InetAddress addr = forUriStringNoThrow(hostAddr); 457 if (addr == null) { 458 throw formatIllegalArgumentException("Not a valid URI IP literal: '%s'", hostAddr); 459 } 460 461 return addr; 462 } 463 464 private static @Nullable InetAddress forUriStringNoThrow(String hostAddr) { 465 checkNotNull(hostAddr); 466 467 // Decide if this should be an IPv6 or IPv4 address. 468 String ipString; 469 int expectBytes; 470 if (hostAddr.startsWith("[") && hostAddr.endsWith("]")) { 471 ipString = hostAddr.substring(1, hostAddr.length() - 1); 472 expectBytes = 16; 473 } else { 474 ipString = hostAddr; 475 expectBytes = 4; 476 } 477 478 // Parse the address, and make sure the length/version is correct. 479 byte[] addr = ipStringToBytes(ipString); 480 if (addr == null || addr.length != expectBytes) { 481 return null; 482 } 483 484 return bytesToInetAddress(addr); 485 } 486 487 /** 488 * Returns {@code true} if the supplied string is a valid URI IP string literal, {@code false} 489 * otherwise. 490 * 491 * @param ipString {@code String} to evaluated as an IP URI host string literal 492 * @return {@code true} if the argument is a valid IP URI host 493 */ 494 public static boolean isUriInetAddress(String ipString) { 495 return forUriStringNoThrow(ipString) != null; 496 } 497 498 /** 499 * Evaluates whether the argument is an IPv6 "compat" address. 500 * 501 * <p>An "IPv4 compatible", or "compat", address is one with 96 leading bits of zero, with the 502 * remaining 32 bits interpreted as an IPv4 address. These are conventionally represented in 503 * string literals as {@code "::192.168.0.1"}, though {@code "::c0a8:1"} is also considered an 504 * IPv4 compatible address (and equivalent to {@code "::192.168.0.1"}). 505 * 506 * <p>For more on IPv4 compatible addresses see section 2.5.5.1 of <a target="_parent" 507 * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.1">RFC 4291</a>. 508 * 509 * <p>NOTE: This method is different from {@link Inet6Address#isIPv4CompatibleAddress} in that it 510 * more correctly classifies {@code "::"} and {@code "::1"} as proper IPv6 addresses (which they 511 * are), NOT IPv4 compatible addresses (which they are generally NOT considered to be). 512 * 513 * @param ip {@link Inet6Address} to be examined for embedded IPv4 compatible address format 514 * @return {@code true} if the argument is a valid "compat" address 515 */ 516 public static boolean isCompatIPv4Address(Inet6Address ip) { 517 if (!ip.isIPv4CompatibleAddress()) { 518 return false; 519 } 520 521 byte[] bytes = ip.getAddress(); 522 if ((bytes[12] == 0) 523 && (bytes[13] == 0) 524 && (bytes[14] == 0) 525 && ((bytes[15] == 0) || (bytes[15] == 1))) { 526 return false; 527 } 528 529 return true; 530 } 531 532 /** 533 * Returns the IPv4 address embedded in an IPv4 compatible address. 534 * 535 * @param ip {@link Inet6Address} to be examined for an embedded IPv4 address 536 * @return {@link Inet4Address} of the embedded IPv4 address 537 * @throws IllegalArgumentException if the argument is not a valid IPv4 compatible address 538 */ 539 public static Inet4Address getCompatIPv4Address(Inet6Address ip) { 540 checkArgument( 541 isCompatIPv4Address(ip), "Address '%s' is not IPv4-compatible.", toAddrString(ip)); 542 543 return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 12, 16)); 544 } 545 546 /** 547 * Evaluates whether the argument is a 6to4 address. 548 * 549 * <p>6to4 addresses begin with the {@code "2002::/16"} prefix. The next 32 bits are the IPv4 550 * address of the host to which IPv6-in-IPv4 tunneled packets should be routed. 551 * 552 * <p>For more on 6to4 addresses see section 2 of <a target="_parent" 553 * href="http://tools.ietf.org/html/rfc3056#section-2">RFC 3056</a>. 554 * 555 * @param ip {@link Inet6Address} to be examined for 6to4 address format 556 * @return {@code true} if the argument is a 6to4 address 557 */ 558 public static boolean is6to4Address(Inet6Address ip) { 559 byte[] bytes = ip.getAddress(); 560 return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x02); 561 } 562 563 /** 564 * Returns the IPv4 address embedded in a 6to4 address. 565 * 566 * @param ip {@link Inet6Address} to be examined for embedded IPv4 in 6to4 address 567 * @return {@link Inet4Address} of embedded IPv4 in 6to4 address 568 * @throws IllegalArgumentException if the argument is not a valid IPv6 6to4 address 569 */ 570 public static Inet4Address get6to4IPv4Address(Inet6Address ip) { 571 checkArgument(is6to4Address(ip), "Address '%s' is not a 6to4 address.", toAddrString(ip)); 572 573 return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 2, 6)); 574 } 575 576 /** 577 * A simple immutable data class to encapsulate the information to be found in a Teredo address. 578 * 579 * <p>All of the fields in this class are encoded in various portions of the IPv6 address as part 580 * of the protocol. More protocols details can be found at: <a target="_parent" 581 * href="http://en.wikipedia.org/wiki/Teredo_tunneling">http://en.wikipedia. 582 * org/wiki/Teredo_tunneling</a>. 583 * 584 * <p>The RFC can be found here: <a target="_parent" href="http://tools.ietf.org/html/rfc4380">RFC 585 * 4380</a>. 586 * 587 * @since 5.0 588 */ 589 @Beta 590 public static final class TeredoInfo { 591 private final Inet4Address server; 592 private final Inet4Address client; 593 private final int port; 594 private final int flags; 595 596 /** 597 * Constructs a TeredoInfo instance. 598 * 599 * <p>Both server and client can be {@code null}, in which case the value {@code "0.0.0.0"} will 600 * be assumed. 601 * 602 * @throws IllegalArgumentException if either of the {@code port} or the {@code flags} arguments 603 * are out of range of an unsigned short 604 */ 605 // TODO: why is this public? 606 public TeredoInfo( 607 @Nullable Inet4Address server, @Nullable Inet4Address client, int port, int flags) { 608 checkArgument( 609 (port >= 0) && (port <= 0xffff), "port '%s' is out of range (0 <= port <= 0xffff)", port); 610 checkArgument( 611 (flags >= 0) && (flags <= 0xffff), 612 "flags '%s' is out of range (0 <= flags <= 0xffff)", 613 flags); 614 615 this.server = MoreObjects.firstNonNull(server, ANY4); 616 this.client = MoreObjects.firstNonNull(client, ANY4); 617 this.port = port; 618 this.flags = flags; 619 } 620 621 public Inet4Address getServer() { 622 return server; 623 } 624 625 public Inet4Address getClient() { 626 return client; 627 } 628 629 public int getPort() { 630 return port; 631 } 632 633 public int getFlags() { 634 return flags; 635 } 636 } 637 638 /** 639 * Evaluates whether the argument is a Teredo address. 640 * 641 * <p>Teredo addresses begin with the {@code "2001::/32"} prefix. 642 * 643 * @param ip {@link Inet6Address} to be examined for Teredo address format 644 * @return {@code true} if the argument is a Teredo address 645 */ 646 public static boolean isTeredoAddress(Inet6Address ip) { 647 byte[] bytes = ip.getAddress(); 648 return (bytes[0] == (byte) 0x20) 649 && (bytes[1] == (byte) 0x01) 650 && (bytes[2] == 0) 651 && (bytes[3] == 0); 652 } 653 654 /** 655 * Returns the Teredo information embedded in a Teredo address. 656 * 657 * @param ip {@link Inet6Address} to be examined for embedded Teredo information 658 * @return extracted {@code TeredoInfo} 659 * @throws IllegalArgumentException if the argument is not a valid IPv6 Teredo address 660 */ 661 public static TeredoInfo getTeredoInfo(Inet6Address ip) { 662 checkArgument(isTeredoAddress(ip), "Address '%s' is not a Teredo address.", toAddrString(ip)); 663 664 byte[] bytes = ip.getAddress(); 665 Inet4Address server = getInet4Address(Arrays.copyOfRange(bytes, 4, 8)); 666 667 int flags = ByteStreams.newDataInput(bytes, 8).readShort() & 0xffff; 668 669 // Teredo obfuscates the mapped client port, per section 4 of the RFC. 670 int port = ~ByteStreams.newDataInput(bytes, 10).readShort() & 0xffff; 671 672 byte[] clientBytes = Arrays.copyOfRange(bytes, 12, 16); 673 for (int i = 0; i < clientBytes.length; i++) { 674 // Teredo obfuscates the mapped client IP, per section 4 of the RFC. 675 clientBytes[i] = (byte) ~clientBytes[i]; 676 } 677 Inet4Address client = getInet4Address(clientBytes); 678 679 return new TeredoInfo(server, client, port, flags); 680 } 681 682 /** 683 * Evaluates whether the argument is an ISATAP address. 684 * 685 * <p>From RFC 5214: "ISATAP interface identifiers are constructed in Modified EUI-64 format [...] 686 * by concatenating the 24-bit IANA OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit 687 * IPv4 address in network byte order [...]" 688 * 689 * <p>For more on ISATAP addresses see section 6.1 of <a target="_parent" 690 * href="http://tools.ietf.org/html/rfc5214#section-6.1">RFC 5214</a>. 691 * 692 * @param ip {@link Inet6Address} to be examined for ISATAP address format 693 * @return {@code true} if the argument is an ISATAP address 694 */ 695 public static boolean isIsatapAddress(Inet6Address ip) { 696 697 // If it's a Teredo address with the right port (41217, or 0xa101) 698 // which would be encoded as 0x5efe then it can't be an ISATAP address. 699 if (isTeredoAddress(ip)) { 700 return false; 701 } 702 703 byte[] bytes = ip.getAddress(); 704 705 if ((bytes[8] | (byte) 0x03) != (byte) 0x03) { 706 707 // Verify that high byte of the 64 bit identifier is zero, modulo 708 // the U/L and G bits, with which we are not concerned. 709 return false; 710 } 711 712 return (bytes[9] == (byte) 0x00) && (bytes[10] == (byte) 0x5e) && (bytes[11] == (byte) 0xfe); 713 } 714 715 /** 716 * Returns the IPv4 address embedded in an ISATAP address. 717 * 718 * @param ip {@link Inet6Address} to be examined for embedded IPv4 in ISATAP address 719 * @return {@link Inet4Address} of embedded IPv4 in an ISATAP address 720 * @throws IllegalArgumentException if the argument is not a valid IPv6 ISATAP address 721 */ 722 public static Inet4Address getIsatapIPv4Address(Inet6Address ip) { 723 checkArgument(isIsatapAddress(ip), "Address '%s' is not an ISATAP address.", toAddrString(ip)); 724 725 return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 12, 16)); 726 } 727 728 /** 729 * Examines the Inet6Address to determine if it is an IPv6 address of one of the specified address 730 * types that contain an embedded IPv4 address. 731 * 732 * <p>NOTE: ISATAP addresses are explicitly excluded from this method due to their trivial 733 * spoofability. With other transition addresses spoofing involves (at least) infection of one's 734 * BGP routing table. 735 * 736 * @param ip {@link Inet6Address} to be examined for embedded IPv4 client address 737 * @return {@code true} if there is an embedded IPv4 client address 738 * @since 7.0 739 */ 740 public static boolean hasEmbeddedIPv4ClientAddress(Inet6Address ip) { 741 return isCompatIPv4Address(ip) || is6to4Address(ip) || isTeredoAddress(ip); 742 } 743 744 /** 745 * Examines the Inet6Address to extract the embedded IPv4 client address if the InetAddress is an 746 * IPv6 address of one of the specified address types that contain an embedded IPv4 address. 747 * 748 * <p>NOTE: ISATAP addresses are explicitly excluded from this method due to their trivial 749 * spoofability. With other transition addresses spoofing involves (at least) infection of one's 750 * BGP routing table. 751 * 752 * @param ip {@link Inet6Address} to be examined for embedded IPv4 client address 753 * @return {@link Inet4Address} of embedded IPv4 client address 754 * @throws IllegalArgumentException if the argument does not have a valid embedded IPv4 address 755 */ 756 public static Inet4Address getEmbeddedIPv4ClientAddress(Inet6Address ip) { 757 if (isCompatIPv4Address(ip)) { 758 return getCompatIPv4Address(ip); 759 } 760 761 if (is6to4Address(ip)) { 762 return get6to4IPv4Address(ip); 763 } 764 765 if (isTeredoAddress(ip)) { 766 return getTeredoInfo(ip).getClient(); 767 } 768 769 throw formatIllegalArgumentException("'%s' has no embedded IPv4 address.", toAddrString(ip)); 770 } 771 772 /** 773 * Evaluates whether the argument is an "IPv4 mapped" IPv6 address. 774 * 775 * <p>An "IPv4 mapped" address is anything in the range ::ffff:0:0/96 (sometimes written as 776 * ::ffff:0.0.0.0/96), with the last 32 bits interpreted as an IPv4 address. 777 * 778 * <p>For more on IPv4 mapped addresses see section 2.5.5.2 of <a target="_parent" 779 * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.2">RFC 4291</a>. 780 * 781 * <p>Note: This method takes a {@code String} argument because {@link InetAddress} automatically 782 * collapses mapped addresses to IPv4. (It is actually possible to avoid this using one of the 783 * obscure {@link Inet6Address} methods, but it would be unwise to depend on such a 784 * poorly-documented feature.) 785 * 786 * @param ipString {@code String} to be examined for embedded IPv4-mapped IPv6 address format 787 * @return {@code true} if the argument is a valid "mapped" address 788 * @since 10.0 789 */ 790 public static boolean isMappedIPv4Address(String ipString) { 791 byte[] bytes = ipStringToBytes(ipString); 792 if (bytes != null && bytes.length == 16) { 793 for (int i = 0; i < 10; i++) { 794 if (bytes[i] != 0) { 795 return false; 796 } 797 } 798 for (int i = 10; i < 12; i++) { 799 if (bytes[i] != (byte) 0xff) { 800 return false; 801 } 802 } 803 return true; 804 } 805 return false; 806 } 807 808 /** 809 * Coerces an IPv6 address into an IPv4 address. 810 * 811 * <p>HACK: As long as applications continue to use IPv4 addresses for indexing into tables, 812 * accounting, et cetera, it may be necessary to <b>coerce</b> IPv6 addresses into IPv4 addresses. 813 * This function does so by hashing the upper 64 bits into {@code 224.0.0.0/3} (64 bits into 29 814 * bits). 815 * 816 * <p>A "coerced" IPv4 address is equivalent to itself. 817 * 818 * <p>NOTE: This function is failsafe for security purposes: ALL IPv6 addresses (except localhost 819 * (::1)) are hashed to avoid the security risk associated with extracting an embedded IPv4 820 * address that might permit elevated privileges. 821 * 822 * @param ip {@link InetAddress} to "coerce" 823 * @return {@link Inet4Address} represented "coerced" address 824 * @since 7.0 825 */ 826 public static Inet4Address getCoercedIPv4Address(InetAddress ip) { 827 if (ip instanceof Inet4Address) { 828 return (Inet4Address) ip; 829 } 830 831 // Special cases: 832 byte[] bytes = ip.getAddress(); 833 boolean leadingBytesOfZero = true; 834 for (int i = 0; i < 15; ++i) { 835 if (bytes[i] != 0) { 836 leadingBytesOfZero = false; 837 break; 838 } 839 } 840 if (leadingBytesOfZero && (bytes[15] == 1)) { 841 return LOOPBACK4; // ::1 842 } else if (leadingBytesOfZero && (bytes[15] == 0)) { 843 return ANY4; // ::0 844 } 845 846 Inet6Address ip6 = (Inet6Address) ip; 847 long addressAsLong = 0; 848 if (hasEmbeddedIPv4ClientAddress(ip6)) { 849 addressAsLong = getEmbeddedIPv4ClientAddress(ip6).hashCode(); 850 } else { 851 852 // Just extract the high 64 bits (assuming the rest is user-modifiable). 853 addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong(); 854 } 855 856 // Many strategies for hashing are possible. This might suffice for now. 857 int coercedHash = Hashing.murmur3_32().hashLong(addressAsLong).asInt(); 858 859 // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3). 860 coercedHash |= 0xe0000000; 861 862 // Fixup to avoid some "illegal" values. Currently the only potential 863 // illegal value is 255.255.255.255. 864 if (coercedHash == 0xffffffff) { 865 coercedHash = 0xfffffffe; 866 } 867 868 return getInet4Address(Ints.toByteArray(coercedHash)); 869 } 870 871 /** 872 * Returns an integer representing an IPv4 address regardless of whether the supplied argument is 873 * an IPv4 address or not. 874 * 875 * <p>IPv6 addresses are <b>coerced</b> to IPv4 addresses before being converted to integers. 876 * 877 * <p>As long as there are applications that assume that all IP addresses are IPv4 addresses and 878 * can therefore be converted safely to integers (for whatever purpose) this function can be used 879 * to handle IPv6 addresses as well until the application is suitably fixed. 880 * 881 * <p>NOTE: an IPv6 address coerced to an IPv4 address can only be used for such purposes as 882 * rudimentary identification or indexing into a collection of real {@link InetAddress}es. They 883 * cannot be used as real addresses for the purposes of network communication. 884 * 885 * @param ip {@link InetAddress} to convert 886 * @return {@code int}, "coerced" if ip is not an IPv4 address 887 * @since 7.0 888 */ 889 public static int coerceToInteger(InetAddress ip) { 890 return ByteStreams.newDataInput(getCoercedIPv4Address(ip).getAddress()).readInt(); 891 } 892 893 /** 894 * Returns an Inet4Address having the integer value specified by the argument. 895 * 896 * @param address {@code int}, the 32bit integer address to be converted 897 * @return {@link Inet4Address} equivalent of the argument 898 */ 899 public static Inet4Address fromInteger(int address) { 900 return getInet4Address(Ints.toByteArray(address)); 901 } 902 903 /** 904 * Returns an address from a <b>little-endian ordered</b> byte array (the opposite of what {@link 905 * InetAddress#getByAddress} expects). 906 * 907 * <p>IPv4 address byte array must be 4 bytes long and IPv6 byte array must be 16 bytes long. 908 * 909 * @param addr the raw IP address in little-endian byte order 910 * @return an InetAddress object created from the raw IP address 911 * @throws UnknownHostException if IP address is of illegal length 912 */ 913 public static InetAddress fromLittleEndianByteArray(byte[] addr) throws UnknownHostException { 914 byte[] reversed = new byte[addr.length]; 915 for (int i = 0; i < addr.length; i++) { 916 reversed[i] = addr[addr.length - i - 1]; 917 } 918 return InetAddress.getByAddress(reversed); 919 } 920 921 /** 922 * Returns a new InetAddress that is one less than the passed in address. This method works for 923 * both IPv4 and IPv6 addresses. 924 * 925 * @param address the InetAddress to decrement 926 * @return a new InetAddress that is one less than the passed in address 927 * @throws IllegalArgumentException if InetAddress is at the beginning of its range 928 * @since 18.0 929 */ 930 public static InetAddress decrement(InetAddress address) { 931 byte[] addr = address.getAddress(); 932 int i = addr.length - 1; 933 while (i >= 0 && addr[i] == (byte) 0x00) { 934 addr[i] = (byte) 0xff; 935 i--; 936 } 937 938 checkArgument(i >= 0, "Decrementing %s would wrap.", address); 939 940 addr[i]--; 941 return bytesToInetAddress(addr); 942 } 943 944 /** 945 * Returns a new InetAddress that is one more than the passed in address. This method works for 946 * both IPv4 and IPv6 addresses. 947 * 948 * @param address the InetAddress to increment 949 * @return a new InetAddress that is one more than the passed in address 950 * @throws IllegalArgumentException if InetAddress is at the end of its range 951 * @since 10.0 952 */ 953 public static InetAddress increment(InetAddress address) { 954 byte[] addr = address.getAddress(); 955 int i = addr.length - 1; 956 while (i >= 0 && addr[i] == (byte) 0xff) { 957 addr[i] = 0; 958 i--; 959 } 960 961 checkArgument(i >= 0, "Incrementing %s would wrap.", address); 962 963 addr[i]++; 964 return bytesToInetAddress(addr); 965 } 966 967 /** 968 * Returns true if the InetAddress is either 255.255.255.255 for IPv4 or 969 * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6. 970 * 971 * @return true if the InetAddress is either 255.255.255.255 for IPv4 or 972 * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6 973 * @since 10.0 974 */ 975 public static boolean isMaximum(InetAddress address) { 976 byte[] addr = address.getAddress(); 977 for (int i = 0; i < addr.length; i++) { 978 if (addr[i] != (byte) 0xff) { 979 return false; 980 } 981 } 982 return true; 983 } 984 985 private static IllegalArgumentException formatIllegalArgumentException( 986 String format, Object... args) { 987 return new IllegalArgumentException(String.format(Locale.ROOT, format, args)); 988 } 989}