001/*
002 * Copyright (C) 2008 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import static com.google.common.base.Preconditions.checkArgument;
018import static com.google.common.base.Preconditions.checkNotNull;
019
020import com.google.common.annotations.GwtIncompatible;
021import com.google.common.annotations.J2ktIncompatible;
022import com.google.common.base.CharMatcher;
023import com.google.common.base.MoreObjects;
024import com.google.common.hash.Hashing;
025import com.google.common.io.ByteStreams;
026import com.google.common.primitives.Ints;
027import com.google.errorprone.annotations.CanIgnoreReturnValue;
028import java.math.BigInteger;
029import java.net.Inet4Address;
030import java.net.Inet6Address;
031import java.net.InetAddress;
032import java.net.UnknownHostException;
033import java.nio.ByteBuffer;
034import java.util.Arrays;
035import java.util.Locale;
036import javax.annotation.CheckForNull;
037
038/**
039 * Static utility methods pertaining to {@link InetAddress} instances.
040 *
041 * <p><b>Important note:</b> Unlike {@code InetAddress.getByName()}, the methods of this class never
042 * cause DNS services to be accessed. For this reason, you should prefer these methods as much as
043 * possible over their JDK equivalents whenever you are expecting to handle only IP address string
044 * literals -- there is no blocking DNS penalty for a malformed string.
045 *
046 * <p>When dealing with {@link Inet4Address} and {@link Inet6Address} objects as byte arrays (vis.
047 * {@code InetAddress.getAddress()}) they are 4 and 16 bytes in length, respectively, and represent
048 * the address in network byte order.
049 *
050 * <p>Examples of IP addresses and their byte representations:
051 *
052 * <dl>
053 *   <dt>The IPv4 loopback address, {@code "127.0.0.1"}.
054 *   <dd>{@code 7f 00 00 01}
055 *   <dt>The IPv6 loopback address, {@code "::1"}.
056 *   <dd>{@code 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01}
057 *   <dt>From the IPv6 reserved documentation prefix ({@code 2001:db8::/32}), {@code "2001:db8::1"}.
058 *   <dd>{@code 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01}
059 *   <dt>An IPv6 "IPv4 compatible" (or "compat") address, {@code "::192.168.0.1"}.
060 *   <dd>{@code 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 00 01}
061 *   <dt>An IPv6 "IPv4 mapped" address, {@code "::ffff:192.168.0.1"}.
062 *   <dd>{@code 00 00 00 00 00 00 00 00 00 00 ff ff c0 a8 00 01}
063 * </dl>
064 *
065 * <p>A few notes about IPv6 "IPv4 mapped" addresses and their observed use in Java.
066 *
067 * <p>"IPv4 mapped" addresses were originally a representation of IPv4 addresses for use on an IPv6
068 * socket that could receive both IPv4 and IPv6 connections (by disabling the {@code IPV6_V6ONLY}
069 * socket option on an IPv6 socket). Yes, it's confusing. Nevertheless, these "mapped" addresses
070 * were never supposed to be seen on the wire. That assumption was dropped, some say mistakenly, in
071 * later RFCs with the apparent aim of making IPv4-to-IPv6 transition simpler.
072 *
073 * <p>Technically one <i>can</i> create a 128bit IPv6 address with the wire format of a "mapped"
074 * address, as shown above, and transmit it in an IPv6 packet header. However, Java's InetAddress
075 * creation methods appear to adhere doggedly to the original intent of the "mapped" address: all
076 * "mapped" addresses return {@link Inet4Address} objects.
077 *
078 * <p>For added safety, it is common for IPv6 network operators to filter all packets where either
079 * the source or destination address appears to be a "compat" or "mapped" address. Filtering
080 * suggestions usually recommend discarding any packets with source or destination addresses in the
081 * invalid range {@code ::/3}, which includes both of these bizarre address formats. For more
082 * information on "bogons", including lists of IPv6 bogon space, see:
083 *
084 * <ul>
085 *   <li><a target="_parent"
086 *       href="http://en.wikipedia.org/wiki/Bogon_filtering">http://en.wikipedia.
087 *       org/wiki/Bogon_filtering</a>
088 *   <li><a target="_parent"
089 *       href="http://www.cymru.com/Bogons/ipv6.txt">http://www.cymru.com/Bogons/ ipv6.txt</a>
090 *   <li><a target="_parent" href="http://www.cymru.com/Bogons/v6bogon.html">http://www.cymru.com/
091 *       Bogons/v6bogon.html</a>
092 *   <li><a target="_parent" href="http://www.space.net/~gert/RIPE/ipv6-filters.html">http://www.
093 *       space.net/~gert/RIPE/ipv6-filters.html</a>
094 * </ul>
095 *
096 * @author Erik Kline
097 * @since 5.0
098 */
099@J2ktIncompatible
100@GwtIncompatible
101@ElementTypesAreNonnullByDefault
102public final class InetAddresses {
103  private static final int IPV4_PART_COUNT = 4;
104  private static final int IPV6_PART_COUNT = 8;
105  private static final char IPV4_DELIMITER = '.';
106  private static final char IPV6_DELIMITER = ':';
107  private static final CharMatcher IPV4_DELIMITER_MATCHER = CharMatcher.is(IPV4_DELIMITER);
108  private static final CharMatcher IPV6_DELIMITER_MATCHER = CharMatcher.is(IPV6_DELIMITER);
109  private static final Inet4Address LOOPBACK4 = (Inet4Address) forString("127.0.0.1");
110  private static final Inet4Address ANY4 = (Inet4Address) forString("0.0.0.0");
111
112  private InetAddresses() {}
113
114  /**
115   * Returns an {@link Inet4Address}, given a byte array representation of the IPv4 address.
116   *
117   * @param bytes byte array representing an IPv4 address (should be of length 4)
118   * @return {@link Inet4Address} corresponding to the supplied byte array
119   * @throws IllegalArgumentException if a valid {@link Inet4Address} can not be created
120   */
121  private static Inet4Address getInet4Address(byte[] bytes) {
122    checkArgument(
123        bytes.length == 4,
124        "Byte array has invalid length for an IPv4 address: %s != 4.",
125        bytes.length);
126
127    // Given a 4-byte array, this cast should always succeed.
128    return (Inet4Address) bytesToInetAddress(bytes);
129  }
130
131  /**
132   * Returns the {@link InetAddress} having the given string representation.
133   *
134   * <p>This deliberately avoids all nameservice lookups (e.g. no DNS).
135   *
136   * <p>Anything after a {@code %} in an IPv6 address is ignored (assumed to be a Scope ID).
137   *
138   * <p>This method accepts non-ASCII digits, for example {@code "192.168.0.1"} (those are fullwidth
139   * characters). That is consistent with {@link InetAddress}, but not with various RFCs. If you
140   * want to accept ASCII digits only, you can use something like {@code
141   * CharMatcher.ascii().matchesAllOf(ipString)}.
142   *
143   * @param ipString {@code String} containing an IPv4 or IPv6 string literal, e.g. {@code
144   *     "192.168.0.1"} or {@code "2001:db8::1"}
145   * @return {@link InetAddress} representing the argument
146   * @throws IllegalArgumentException if the argument is not a valid IP string literal
147   */
148  @CanIgnoreReturnValue // TODO(b/219820829): consider removing
149  public static InetAddress forString(String ipString) {
150    byte[] addr = ipStringToBytes(ipString);
151
152    // The argument was malformed, i.e. not an IP string literal.
153    if (addr == null) {
154      throw formatIllegalArgumentException("'%s' is not an IP string literal.", ipString);
155    }
156
157    return bytesToInetAddress(addr);
158  }
159
160  /**
161   * Returns {@code true} if the supplied string is a valid IP string literal, {@code false}
162   * otherwise.
163   *
164   * <p>This method accepts non-ASCII digits, for example {@code "192.168.0.1"} (those are fullwidth
165   * characters). That is consistent with {@link InetAddress}, but not with various RFCs. If you
166   * want to accept ASCII digits only, you can use something like {@code
167   * CharMatcher.ascii().matchesAllOf(ipString)}.
168   *
169   * @param ipString {@code String} to evaluated as an IP string literal
170   * @return {@code true} if the argument is a valid IP string literal
171   */
172  public static boolean isInetAddress(String ipString) {
173    return ipStringToBytes(ipString) != null;
174  }
175
176  /** Returns {@code null} if unable to parse into a {@code byte[]}. */
177  @CheckForNull
178  private static byte[] ipStringToBytes(String ipStringParam) {
179    String ipString = ipStringParam;
180    // Make a first pass to categorize the characters in this string.
181    boolean hasColon = false;
182    boolean hasDot = false;
183    int percentIndex = -1;
184    for (int i = 0; i < ipString.length(); i++) {
185      char c = ipString.charAt(i);
186      if (c == '.') {
187        hasDot = true;
188      } else if (c == ':') {
189        if (hasDot) {
190          return null; // Colons must not appear after dots.
191        }
192        hasColon = true;
193      } else if (c == '%') {
194        percentIndex = i;
195        break; // everything after a '%' is ignored (it's a Scope ID): http://superuser.com/a/99753
196      } else if (Character.digit(c, 16) == -1) {
197        return null; // Everything else must be a decimal or hex digit.
198      }
199    }
200
201    // Now decide which address family to parse.
202    if (hasColon) {
203      if (hasDot) {
204        ipString = convertDottedQuadToHex(ipString);
205        if (ipString == null) {
206          return null;
207        }
208      }
209      if (percentIndex != -1) {
210        ipString = ipString.substring(0, percentIndex);
211      }
212      return textToNumericFormatV6(ipString);
213    } else if (hasDot) {
214      if (percentIndex != -1) {
215        return null; // Scope IDs are not supported for IPV4
216      }
217      return textToNumericFormatV4(ipString);
218    }
219    return null;
220  }
221
222  @CheckForNull
223  private static byte[] textToNumericFormatV4(String ipString) {
224    if (IPV4_DELIMITER_MATCHER.countIn(ipString) + 1 != IPV4_PART_COUNT) {
225      return null; // Wrong number of parts
226    }
227
228    byte[] bytes = new byte[IPV4_PART_COUNT];
229    int start = 0;
230    // Iterate through the parts of the ip string.
231    // Invariant: start is always the beginning of an octet.
232    for (int i = 0; i < IPV4_PART_COUNT; i++) {
233      int end = ipString.indexOf(IPV4_DELIMITER, start);
234      if (end == -1) {
235        end = ipString.length();
236      }
237      try {
238        bytes[i] = parseOctet(ipString, start, end);
239      } catch (NumberFormatException ex) {
240        return null;
241      }
242      start = end + 1;
243    }
244
245    return bytes;
246  }
247
248  @CheckForNull
249  private static byte[] textToNumericFormatV6(String ipString) {
250    // An address can have [2..8] colons.
251    int delimiterCount = IPV6_DELIMITER_MATCHER.countIn(ipString);
252    if (delimiterCount < 2 || delimiterCount > IPV6_PART_COUNT) {
253      return null;
254    }
255    int partsSkipped = IPV6_PART_COUNT - (delimiterCount + 1); // estimate; may be modified later
256    boolean hasSkip = false;
257    // Scan for the appearance of ::, to mark a skip-format IPV6 string and adjust the partsSkipped
258    // estimate.
259    for (int i = 0; i < ipString.length() - 1; i++) {
260      if (ipString.charAt(i) == IPV6_DELIMITER && ipString.charAt(i + 1) == IPV6_DELIMITER) {
261        if (hasSkip) {
262          return null; // Can't have more than one ::
263        }
264        hasSkip = true;
265        partsSkipped++; // :: means we skipped an extra part in between the two delimiters.
266        if (i == 0) {
267          partsSkipped++; // Begins with ::, so we skipped the part preceding the first :
268        }
269        if (i == ipString.length() - 2) {
270          partsSkipped++; // Ends with ::, so we skipped the part after the last :
271        }
272      }
273    }
274    if (ipString.charAt(0) == IPV6_DELIMITER && ipString.charAt(1) != IPV6_DELIMITER) {
275      return null; // ^: requires ^::
276    }
277    if (ipString.charAt(ipString.length() - 1) == IPV6_DELIMITER
278        && ipString.charAt(ipString.length() - 2) != IPV6_DELIMITER) {
279      return null; // :$ requires ::$
280    }
281    if (hasSkip && partsSkipped <= 0) {
282      return null; // :: must expand to at least one '0'
283    }
284    if (!hasSkip && delimiterCount + 1 != IPV6_PART_COUNT) {
285      return null; // Incorrect number of parts
286    }
287
288    ByteBuffer rawBytes = ByteBuffer.allocate(2 * IPV6_PART_COUNT);
289    try {
290      // Iterate through the parts of the ip string.
291      // Invariant: start is always the beginning of a hextet, or the second ':' of the skip
292      // sequence "::"
293      int start = 0;
294      if (ipString.charAt(0) == IPV6_DELIMITER) {
295        start = 1;
296      }
297      while (start < ipString.length()) {
298        int end = ipString.indexOf(IPV6_DELIMITER, start);
299        if (end == -1) {
300          end = ipString.length();
301        }
302        if (ipString.charAt(start) == IPV6_DELIMITER) {
303          // expand zeroes
304          for (int i = 0; i < partsSkipped; i++) {
305            rawBytes.putShort((short) 0);
306          }
307
308        } else {
309          rawBytes.putShort(parseHextet(ipString, start, end));
310        }
311        start = end + 1;
312      }
313    } catch (NumberFormatException ex) {
314      return null;
315    }
316    return rawBytes.array();
317  }
318
319  @CheckForNull
320  private static String convertDottedQuadToHex(String ipString) {
321    int lastColon = ipString.lastIndexOf(':');
322    String initialPart = ipString.substring(0, lastColon + 1);
323    String dottedQuad = ipString.substring(lastColon + 1);
324    byte[] quad = textToNumericFormatV4(dottedQuad);
325    if (quad == null) {
326      return null;
327    }
328    String penultimate = Integer.toHexString(((quad[0] & 0xff) << 8) | (quad[1] & 0xff));
329    String ultimate = Integer.toHexString(((quad[2] & 0xff) << 8) | (quad[3] & 0xff));
330    return initialPart + penultimate + ":" + ultimate;
331  }
332
333  private static byte parseOctet(String ipString, int start, int end) {
334    // Note: we already verified that this string contains only hex digits, but the string may still
335    // contain non-decimal characters.
336    int length = end - start;
337    if (length <= 0 || length > 3) {
338      throw new NumberFormatException();
339    }
340    // Disallow leading zeroes, because no clear standard exists on
341    // whether these should be interpreted as decimal or octal.
342    if (length > 1 && ipString.charAt(start) == '0') {
343      throw new NumberFormatException();
344    }
345    int octet = 0;
346    for (int i = start; i < end; i++) {
347      octet *= 10;
348      int digit = Character.digit(ipString.charAt(i), 10);
349      if (digit < 0) {
350        throw new NumberFormatException();
351      }
352      octet += digit;
353    }
354    if (octet > 255) {
355      throw new NumberFormatException();
356    }
357    return (byte) octet;
358  }
359
360  // Parse a hextet out of the ipString from start (inclusive) to end (exclusive)
361  private static short parseHextet(String ipString, int start, int end) {
362    // Note: we already verified that this string contains only hex digits.
363    int length = end - start;
364    if (length <= 0 || length > 4) {
365      throw new NumberFormatException();
366    }
367    int hextet = 0;
368    for (int i = start; i < end; i++) {
369      hextet = hextet << 4;
370      hextet |= Character.digit(ipString.charAt(i), 16);
371    }
372    return (short) hextet;
373  }
374
375  /**
376   * Convert a byte array into an InetAddress.
377   *
378   * <p>{@link InetAddress#getByAddress} is documented as throwing a checked exception "if IP
379   * address is of illegal length." We replace it with an unchecked exception, for use by callers
380   * who already know that addr is an array of length 4 or 16.
381   *
382   * @param addr the raw 4-byte or 16-byte IP address in big-endian order
383   * @return an InetAddress object created from the raw IP address
384   */
385  private static InetAddress bytesToInetAddress(byte[] addr) {
386    try {
387      return InetAddress.getByAddress(addr);
388    } catch (UnknownHostException e) {
389      throw new AssertionError(e);
390    }
391  }
392
393  /**
394   * Returns the string representation of an {@link InetAddress}.
395   *
396   * <p>For IPv4 addresses, this is identical to {@link InetAddress#getHostAddress()}, but for IPv6
397   * addresses, the output follows <a href="http://tools.ietf.org/html/rfc5952">RFC 5952</a> section
398   * 4. The main difference is that this method uses "::" for zero compression, while Java's version
399   * uses the uncompressed form.
400   *
401   * <p>This method uses hexadecimal for all IPv6 addresses, including IPv4-mapped IPv6 addresses
402   * such as "::c000:201". The output does not include a Scope ID.
403   *
404   * @param ip {@link InetAddress} to be converted to an address string
405   * @return {@code String} containing the text-formatted IP address
406   * @since 10.0
407   */
408  public static String toAddrString(InetAddress ip) {
409    checkNotNull(ip);
410    if (ip instanceof Inet4Address) {
411      // For IPv4, Java's formatting is good enough.
412      return ip.getHostAddress();
413    }
414    checkArgument(ip instanceof Inet6Address);
415    byte[] bytes = ip.getAddress();
416    int[] hextets = new int[IPV6_PART_COUNT];
417    for (int i = 0; i < hextets.length; i++) {
418      hextets[i] = Ints.fromBytes((byte) 0, (byte) 0, bytes[2 * i], bytes[2 * i + 1]);
419    }
420    compressLongestRunOfZeroes(hextets);
421    return hextetsToIPv6String(hextets);
422  }
423
424  /**
425   * Identify and mark the longest run of zeroes in an IPv6 address.
426   *
427   * <p>Only runs of two or more hextets are considered. In case of a tie, the leftmost run wins. If
428   * a qualifying run is found, its hextets are replaced by the sentinel value -1.
429   *
430   * @param hextets {@code int[]} mutable array of eight 16-bit hextets
431   */
432  private static void compressLongestRunOfZeroes(int[] hextets) {
433    int bestRunStart = -1;
434    int bestRunLength = -1;
435    int runStart = -1;
436    for (int i = 0; i < hextets.length + 1; i++) {
437      if (i < hextets.length && hextets[i] == 0) {
438        if (runStart < 0) {
439          runStart = i;
440        }
441      } else if (runStart >= 0) {
442        int runLength = i - runStart;
443        if (runLength > bestRunLength) {
444          bestRunStart = runStart;
445          bestRunLength = runLength;
446        }
447        runStart = -1;
448      }
449    }
450    if (bestRunLength >= 2) {
451      Arrays.fill(hextets, bestRunStart, bestRunStart + bestRunLength, -1);
452    }
453  }
454
455  /**
456   * Convert a list of hextets into a human-readable IPv6 address.
457   *
458   * <p>In order for "::" compression to work, the input should contain negative sentinel values in
459   * place of the elided zeroes.
460   *
461   * @param hextets {@code int[]} array of eight 16-bit hextets, or -1s
462   */
463  private static String hextetsToIPv6String(int[] hextets) {
464    // While scanning the array, handle these state transitions:
465    //   start->num => "num"     start->gap => "::"
466    //   num->num   => ":num"    num->gap   => "::"
467    //   gap->num   => "num"     gap->gap   => ""
468    StringBuilder buf = new StringBuilder(39);
469    boolean lastWasNumber = false;
470    for (int i = 0; i < hextets.length; i++) {
471      boolean thisIsNumber = hextets[i] >= 0;
472      if (thisIsNumber) {
473        if (lastWasNumber) {
474          buf.append(':');
475        }
476        buf.append(Integer.toHexString(hextets[i]));
477      } else {
478        if (i == 0 || lastWasNumber) {
479          buf.append("::");
480        }
481      }
482      lastWasNumber = thisIsNumber;
483    }
484    return buf.toString();
485  }
486
487  /**
488   * Returns the string representation of an {@link InetAddress} suitable for inclusion in a URI.
489   *
490   * <p>For IPv4 addresses, this is identical to {@link InetAddress#getHostAddress()}, but for IPv6
491   * addresses it compresses zeroes and surrounds the text with square brackets; for example {@code
492   * "[2001:db8::1]"}.
493   *
494   * <p>Per section 3.2.2 of <a target="_parent"
495   * href="http://tools.ietf.org/html/rfc3986#section-3.2.2">RFC 3986</a>, a URI containing an IPv6
496   * string literal is of the form {@code "http://[2001:db8::1]:8888/index.html"}.
497   *
498   * <p>Use of either {@link InetAddresses#toAddrString}, {@link InetAddress#getHostAddress()}, or
499   * this method is recommended over {@link InetAddress#toString()} when an IP address string
500   * literal is desired. This is because {@link InetAddress#toString()} prints the hostname and the
501   * IP address string joined by a "/".
502   *
503   * @param ip {@link InetAddress} to be converted to URI string literal
504   * @return {@code String} containing URI-safe string literal
505   */
506  public static String toUriString(InetAddress ip) {
507    if (ip instanceof Inet6Address) {
508      return "[" + toAddrString(ip) + "]";
509    }
510    return toAddrString(ip);
511  }
512
513  /**
514   * Returns an InetAddress representing the literal IPv4 or IPv6 host portion of a URL, encoded in
515   * the format specified by RFC 3986 section 3.2.2.
516   *
517   * <p>This method is similar to {@link InetAddresses#forString(String)}, however, it requires that
518   * IPv6 addresses are surrounded by square brackets.
519   *
520   * <p>This method is the inverse of {@link InetAddresses#toUriString(java.net.InetAddress)}.
521   *
522   * <p>This method accepts non-ASCII digits, for example {@code "192.168.0.1"} (those are fullwidth
523   * characters). That is consistent with {@link InetAddress}, but not with various RFCs. If you
524   * want to accept ASCII digits only, you can use something like {@code
525   * CharMatcher.ascii().matchesAllOf(ipString)}.
526   *
527   * @param hostAddr an RFC 3986 section 3.2.2 encoded IPv4 or IPv6 address
528   * @return an InetAddress representing the address in {@code hostAddr}
529   * @throws IllegalArgumentException if {@code hostAddr} is not a valid IPv4 address, or IPv6
530   *     address surrounded by square brackets
531   */
532  public static InetAddress forUriString(String hostAddr) {
533    InetAddress addr = forUriStringNoThrow(hostAddr);
534    if (addr == null) {
535      throw formatIllegalArgumentException("Not a valid URI IP literal: '%s'", hostAddr);
536    }
537
538    return addr;
539  }
540
541  @CheckForNull
542  private static InetAddress forUriStringNoThrow(String hostAddr) {
543    checkNotNull(hostAddr);
544
545    // Decide if this should be an IPv6 or IPv4 address.
546    String ipString;
547    int expectBytes;
548    if (hostAddr.startsWith("[") && hostAddr.endsWith("]")) {
549      ipString = hostAddr.substring(1, hostAddr.length() - 1);
550      expectBytes = 16;
551    } else {
552      ipString = hostAddr;
553      expectBytes = 4;
554    }
555
556    // Parse the address, and make sure the length/version is correct.
557    byte[] addr = ipStringToBytes(ipString);
558    if (addr == null || addr.length != expectBytes) {
559      return null;
560    }
561
562    return bytesToInetAddress(addr);
563  }
564
565  /**
566   * Returns {@code true} if the supplied string is a valid URI IP string literal, {@code false}
567   * otherwise.
568   *
569   * <p>This method accepts non-ASCII digits, for example {@code "192.168.0.1"} (those are fullwidth
570   * characters). That is consistent with {@link InetAddress}, but not with various RFCs. If you
571   * want to accept ASCII digits only, you can use something like {@code
572   * CharMatcher.ascii().matchesAllOf(ipString)}.
573   *
574   * @param ipString {@code String} to evaluated as an IP URI host string literal
575   * @return {@code true} if the argument is a valid IP URI host
576   */
577  public static boolean isUriInetAddress(String ipString) {
578    return forUriStringNoThrow(ipString) != null;
579  }
580
581  /**
582   * Evaluates whether the argument is an IPv6 "compat" address.
583   *
584   * <p>An "IPv4 compatible", or "compat", address is one with 96 leading bits of zero, with the
585   * remaining 32 bits interpreted as an IPv4 address. These are conventionally represented in
586   * string literals as {@code "::192.168.0.1"}, though {@code "::c0a8:1"} is also considered an
587   * IPv4 compatible address (and equivalent to {@code "::192.168.0.1"}).
588   *
589   * <p>For more on IPv4 compatible addresses see section 2.5.5.1 of <a target="_parent"
590   * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.1">RFC 4291</a>.
591   *
592   * <p>NOTE: This method is different from {@link Inet6Address#isIPv4CompatibleAddress} in that it
593   * more correctly classifies {@code "::"} and {@code "::1"} as proper IPv6 addresses (which they
594   * are), NOT IPv4 compatible addresses (which they are generally NOT considered to be).
595   *
596   * @param ip {@link Inet6Address} to be examined for embedded IPv4 compatible address format
597   * @return {@code true} if the argument is a valid "compat" address
598   */
599  public static boolean isCompatIPv4Address(Inet6Address ip) {
600    if (!ip.isIPv4CompatibleAddress()) {
601      return false;
602    }
603
604    byte[] bytes = ip.getAddress();
605    if ((bytes[12] == 0)
606        && (bytes[13] == 0)
607        && (bytes[14] == 0)
608        && ((bytes[15] == 0) || (bytes[15] == 1))) {
609      return false;
610    }
611
612    return true;
613  }
614
615  /**
616   * Returns the IPv4 address embedded in an IPv4 compatible address.
617   *
618   * @param ip {@link Inet6Address} to be examined for an embedded IPv4 address
619   * @return {@link Inet4Address} of the embedded IPv4 address
620   * @throws IllegalArgumentException if the argument is not a valid IPv4 compatible address
621   */
622  public static Inet4Address getCompatIPv4Address(Inet6Address ip) {
623    checkArgument(
624        isCompatIPv4Address(ip), "Address '%s' is not IPv4-compatible.", toAddrString(ip));
625
626    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 12, 16));
627  }
628
629  /**
630   * Evaluates whether the argument is a 6to4 address.
631   *
632   * <p>6to4 addresses begin with the {@code "2002::/16"} prefix. The next 32 bits are the IPv4
633   * address of the host to which IPv6-in-IPv4 tunneled packets should be routed.
634   *
635   * <p>For more on 6to4 addresses see section 2 of <a target="_parent"
636   * href="http://tools.ietf.org/html/rfc3056#section-2">RFC 3056</a>.
637   *
638   * @param ip {@link Inet6Address} to be examined for 6to4 address format
639   * @return {@code true} if the argument is a 6to4 address
640   */
641  public static boolean is6to4Address(Inet6Address ip) {
642    byte[] bytes = ip.getAddress();
643    return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x02);
644  }
645
646  /**
647   * Returns the IPv4 address embedded in a 6to4 address.
648   *
649   * @param ip {@link Inet6Address} to be examined for embedded IPv4 in 6to4 address
650   * @return {@link Inet4Address} of embedded IPv4 in 6to4 address
651   * @throws IllegalArgumentException if the argument is not a valid IPv6 6to4 address
652   */
653  public static Inet4Address get6to4IPv4Address(Inet6Address ip) {
654    checkArgument(is6to4Address(ip), "Address '%s' is not a 6to4 address.", toAddrString(ip));
655
656    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 2, 6));
657  }
658
659  /**
660   * A simple immutable data class to encapsulate the information to be found in a Teredo address.
661   *
662   * <p>All of the fields in this class are encoded in various portions of the IPv6 address as part
663   * of the protocol. More protocols details can be found at: <a target="_parent"
664   * href="http://en.wikipedia.org/wiki/Teredo_tunneling">http://en.wikipedia.
665   * org/wiki/Teredo_tunneling</a>.
666   *
667   * <p>The RFC can be found here: <a target="_parent" href="http://tools.ietf.org/html/rfc4380">RFC
668   * 4380</a>.
669   *
670   * @since 5.0
671   */
672  public static final class TeredoInfo {
673    private final Inet4Address server;
674    private final Inet4Address client;
675    private final int port;
676    private final int flags;
677
678    /**
679     * Constructs a TeredoInfo instance.
680     *
681     * <p>Both server and client can be {@code null}, in which case the value {@code "0.0.0.0"} will
682     * be assumed.
683     *
684     * @throws IllegalArgumentException if either of the {@code port} or the {@code flags} arguments
685     *     are out of range of an unsigned short
686     */
687    // TODO: why is this public?
688    public TeredoInfo(
689        @CheckForNull Inet4Address server, @CheckForNull Inet4Address client, int port, int flags) {
690      checkArgument(
691          (port >= 0) && (port <= 0xffff), "port '%s' is out of range (0 <= port <= 0xffff)", port);
692      checkArgument(
693          (flags >= 0) && (flags <= 0xffff),
694          "flags '%s' is out of range (0 <= flags <= 0xffff)",
695          flags);
696
697      this.server = MoreObjects.firstNonNull(server, ANY4);
698      this.client = MoreObjects.firstNonNull(client, ANY4);
699      this.port = port;
700      this.flags = flags;
701    }
702
703    public Inet4Address getServer() {
704      return server;
705    }
706
707    public Inet4Address getClient() {
708      return client;
709    }
710
711    public int getPort() {
712      return port;
713    }
714
715    public int getFlags() {
716      return flags;
717    }
718  }
719
720  /**
721   * Evaluates whether the argument is a Teredo address.
722   *
723   * <p>Teredo addresses begin with the {@code "2001::/32"} prefix.
724   *
725   * @param ip {@link Inet6Address} to be examined for Teredo address format
726   * @return {@code true} if the argument is a Teredo address
727   */
728  public static boolean isTeredoAddress(Inet6Address ip) {
729    byte[] bytes = ip.getAddress();
730    return (bytes[0] == (byte) 0x20)
731        && (bytes[1] == (byte) 0x01)
732        && (bytes[2] == 0)
733        && (bytes[3] == 0);
734  }
735
736  /**
737   * Returns the Teredo information embedded in a Teredo address.
738   *
739   * @param ip {@link Inet6Address} to be examined for embedded Teredo information
740   * @return extracted {@code TeredoInfo}
741   * @throws IllegalArgumentException if the argument is not a valid IPv6 Teredo address
742   */
743  public static TeredoInfo getTeredoInfo(Inet6Address ip) {
744    checkArgument(isTeredoAddress(ip), "Address '%s' is not a Teredo address.", toAddrString(ip));
745
746    byte[] bytes = ip.getAddress();
747    Inet4Address server = getInet4Address(Arrays.copyOfRange(bytes, 4, 8));
748
749    int flags = ByteStreams.newDataInput(bytes, 8).readShort() & 0xffff;
750
751    // Teredo obfuscates the mapped client port, per section 4 of the RFC.
752    int port = ~ByteStreams.newDataInput(bytes, 10).readShort() & 0xffff;
753
754    byte[] clientBytes = Arrays.copyOfRange(bytes, 12, 16);
755    for (int i = 0; i < clientBytes.length; i++) {
756      // Teredo obfuscates the mapped client IP, per section 4 of the RFC.
757      clientBytes[i] = (byte) ~clientBytes[i];
758    }
759    Inet4Address client = getInet4Address(clientBytes);
760
761    return new TeredoInfo(server, client, port, flags);
762  }
763
764  /**
765   * Evaluates whether the argument is an ISATAP address.
766   *
767   * <p>From RFC 5214: "ISATAP interface identifiers are constructed in Modified EUI-64 format [...]
768   * by concatenating the 24-bit IANA OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit
769   * IPv4 address in network byte order [...]"
770   *
771   * <p>For more on ISATAP addresses see section 6.1 of <a target="_parent"
772   * href="http://tools.ietf.org/html/rfc5214#section-6.1">RFC 5214</a>.
773   *
774   * @param ip {@link Inet6Address} to be examined for ISATAP address format
775   * @return {@code true} if the argument is an ISATAP address
776   */
777  public static boolean isIsatapAddress(Inet6Address ip) {
778
779    // If it's a Teredo address with the right port (41217, or 0xa101)
780    // which would be encoded as 0x5efe then it can't be an ISATAP address.
781    if (isTeredoAddress(ip)) {
782      return false;
783    }
784
785    byte[] bytes = ip.getAddress();
786
787    if ((bytes[8] | (byte) 0x03) != (byte) 0x03) {
788
789      // Verify that high byte of the 64 bit identifier is zero, modulo
790      // the U/L and G bits, with which we are not concerned.
791      return false;
792    }
793
794    return (bytes[9] == (byte) 0x00) && (bytes[10] == (byte) 0x5e) && (bytes[11] == (byte) 0xfe);
795  }
796
797  /**
798   * Returns the IPv4 address embedded in an ISATAP address.
799   *
800   * @param ip {@link Inet6Address} to be examined for embedded IPv4 in ISATAP address
801   * @return {@link Inet4Address} of embedded IPv4 in an ISATAP address
802   * @throws IllegalArgumentException if the argument is not a valid IPv6 ISATAP address
803   */
804  public static Inet4Address getIsatapIPv4Address(Inet6Address ip) {
805    checkArgument(isIsatapAddress(ip), "Address '%s' is not an ISATAP address.", toAddrString(ip));
806
807    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 12, 16));
808  }
809
810  /**
811   * Examines the Inet6Address to determine if it is an IPv6 address of one of the specified address
812   * types that contain an embedded IPv4 address.
813   *
814   * <p>NOTE: ISATAP addresses are explicitly excluded from this method due to their trivial
815   * spoofability. With other transition addresses spoofing involves (at least) infection of one's
816   * BGP routing table.
817   *
818   * @param ip {@link Inet6Address} to be examined for embedded IPv4 client address
819   * @return {@code true} if there is an embedded IPv4 client address
820   * @since 7.0
821   */
822  public static boolean hasEmbeddedIPv4ClientAddress(Inet6Address ip) {
823    return isCompatIPv4Address(ip) || is6to4Address(ip) || isTeredoAddress(ip);
824  }
825
826  /**
827   * Examines the Inet6Address to extract the embedded IPv4 client address if the InetAddress is an
828   * IPv6 address of one of the specified address types that contain an embedded IPv4 address.
829   *
830   * <p>NOTE: ISATAP addresses are explicitly excluded from this method due to their trivial
831   * spoofability. With other transition addresses spoofing involves (at least) infection of one's
832   * BGP routing table.
833   *
834   * @param ip {@link Inet6Address} to be examined for embedded IPv4 client address
835   * @return {@link Inet4Address} of embedded IPv4 client address
836   * @throws IllegalArgumentException if the argument does not have a valid embedded IPv4 address
837   */
838  public static Inet4Address getEmbeddedIPv4ClientAddress(Inet6Address ip) {
839    if (isCompatIPv4Address(ip)) {
840      return getCompatIPv4Address(ip);
841    }
842
843    if (is6to4Address(ip)) {
844      return get6to4IPv4Address(ip);
845    }
846
847    if (isTeredoAddress(ip)) {
848      return getTeredoInfo(ip).getClient();
849    }
850
851    throw formatIllegalArgumentException("'%s' has no embedded IPv4 address.", toAddrString(ip));
852  }
853
854  /**
855   * Evaluates whether the argument is an "IPv4 mapped" IPv6 address.
856   *
857   * <p>An "IPv4 mapped" address is anything in the range ::ffff:0:0/96 (sometimes written as
858   * ::ffff:0.0.0.0/96), with the last 32 bits interpreted as an IPv4 address.
859   *
860   * <p>For more on IPv4 mapped addresses see section 2.5.5.2 of <a target="_parent"
861   * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.2">RFC 4291</a>.
862   *
863   * <p>Note: This method takes a {@code String} argument because {@link InetAddress} automatically
864   * collapses mapped addresses to IPv4. (It is actually possible to avoid this using one of the
865   * obscure {@link Inet6Address} methods, but it would be unwise to depend on such a
866   * poorly-documented feature.)
867   *
868   * <p>This method accepts non-ASCII digits. That is consistent with {@link InetAddress}, but not
869   * with various RFCs. If you want to accept ASCII digits only, you can use something like {@code
870   * CharMatcher.ascii().matchesAllOf(ipString)}.
871   *
872   * @param ipString {@code String} to be examined for embedded IPv4-mapped IPv6 address format
873   * @return {@code true} if the argument is a valid "mapped" address
874   * @since 10.0
875   */
876  public static boolean isMappedIPv4Address(String ipString) {
877    byte[] bytes = ipStringToBytes(ipString);
878    if (bytes != null && bytes.length == 16) {
879      for (int i = 0; i < 10; i++) {
880        if (bytes[i] != 0) {
881          return false;
882        }
883      }
884      for (int i = 10; i < 12; i++) {
885        if (bytes[i] != (byte) 0xff) {
886          return false;
887        }
888      }
889      return true;
890    }
891    return false;
892  }
893
894  /**
895   * Coerces an IPv6 address into an IPv4 address.
896   *
897   * <p>HACK: As long as applications continue to use IPv4 addresses for indexing into tables,
898   * accounting, et cetera, it may be necessary to <b>coerce</b> IPv6 addresses into IPv4 addresses.
899   * This method does so by hashing 64 bits of the IPv6 address into {@code 224.0.0.0/3} (64 bits
900   * into 29 bits):
901   *
902   * <ul>
903   *   <li>If the IPv6 address contains an embedded IPv4 address, the function hashes that.
904   *   <li>Otherwise, it hashes the upper 64 bits of the IPv6 address.
905   * </ul>
906   *
907   * <p>A "coerced" IPv4 address is equivalent to itself.
908   *
909   * <p>NOTE: This method is failsafe for security purposes: ALL IPv6 addresses (except localhost
910   * (::1)) are hashed to avoid the security risk associated with extracting an embedded IPv4
911   * address that might permit elevated privileges.
912   *
913   * @param ip {@link InetAddress} to "coerce"
914   * @return {@link Inet4Address} represented "coerced" address
915   * @since 7.0
916   */
917  public static Inet4Address getCoercedIPv4Address(InetAddress ip) {
918    if (ip instanceof Inet4Address) {
919      return (Inet4Address) ip;
920    }
921
922    // Special cases:
923    byte[] bytes = ip.getAddress();
924    boolean leadingBytesOfZero = true;
925    for (int i = 0; i < 15; ++i) {
926      if (bytes[i] != 0) {
927        leadingBytesOfZero = false;
928        break;
929      }
930    }
931    if (leadingBytesOfZero && (bytes[15] == 1)) {
932      return LOOPBACK4; // ::1
933    } else if (leadingBytesOfZero && (bytes[15] == 0)) {
934      return ANY4; // ::0
935    }
936
937    Inet6Address ip6 = (Inet6Address) ip;
938    long addressAsLong = 0;
939    if (hasEmbeddedIPv4ClientAddress(ip6)) {
940      addressAsLong = getEmbeddedIPv4ClientAddress(ip6).hashCode();
941    } else {
942      // Just extract the high 64 bits (assuming the rest is user-modifiable).
943      addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong();
944    }
945
946    // Many strategies for hashing are possible. This might suffice for now.
947    int coercedHash = Hashing.murmur3_32_fixed().hashLong(addressAsLong).asInt();
948
949    // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3).
950    coercedHash |= 0xe0000000;
951
952    // Fixup to avoid some "illegal" values. Currently the only potential
953    // illegal value is 255.255.255.255.
954    if (coercedHash == 0xffffffff) {
955      coercedHash = 0xfffffffe;
956    }
957
958    return getInet4Address(Ints.toByteArray(coercedHash));
959  }
960
961  /**
962   * Returns an integer representing an IPv4 address regardless of whether the supplied argument is
963   * an IPv4 address or not.
964   *
965   * <p>IPv6 addresses are <b>coerced</b> to IPv4 addresses before being converted to integers.
966   *
967   * <p>As long as there are applications that assume that all IP addresses are IPv4 addresses and
968   * can therefore be converted safely to integers (for whatever purpose) this function can be used
969   * to handle IPv6 addresses as well until the application is suitably fixed.
970   *
971   * <p>NOTE: an IPv6 address coerced to an IPv4 address can only be used for such purposes as
972   * rudimentary identification or indexing into a collection of real {@link InetAddress}es. They
973   * cannot be used as real addresses for the purposes of network communication.
974   *
975   * @param ip {@link InetAddress} to convert
976   * @return {@code int}, "coerced" if ip is not an IPv4 address
977   * @since 7.0
978   */
979  public static int coerceToInteger(InetAddress ip) {
980    return ByteStreams.newDataInput(getCoercedIPv4Address(ip).getAddress()).readInt();
981  }
982
983  /**
984   * Returns a BigInteger representing the address.
985   *
986   * <p>Unlike {@code coerceToInteger}, IPv6 addresses are not coerced to IPv4 addresses.
987   *
988   * @param address {@link InetAddress} to convert
989   * @return {@code BigInteger} representation of the address
990   * @since 28.2
991   */
992  public static BigInteger toBigInteger(InetAddress address) {
993    return new BigInteger(1, address.getAddress());
994  }
995
996  /**
997   * Returns an Inet4Address having the integer value specified by the argument.
998   *
999   * @param address {@code int}, the 32bit integer address to be converted
1000   * @return {@link Inet4Address} equivalent of the argument
1001   */
1002  public static Inet4Address fromInteger(int address) {
1003    return getInet4Address(Ints.toByteArray(address));
1004  }
1005
1006  /**
1007   * Returns the {@code Inet4Address} corresponding to a given {@code BigInteger}.
1008   *
1009   * @param address BigInteger representing the IPv4 address
1010   * @return Inet4Address representation of the given BigInteger
1011   * @throws IllegalArgumentException if the BigInteger is not between 0 and 2^32-1
1012   * @since 28.2
1013   */
1014  public static Inet4Address fromIPv4BigInteger(BigInteger address) {
1015    return (Inet4Address) fromBigInteger(address, false);
1016  }
1017  /**
1018   * Returns the {@code Inet6Address} corresponding to a given {@code BigInteger}.
1019   *
1020   * @param address BigInteger representing the IPv6 address
1021   * @return Inet6Address representation of the given BigInteger
1022   * @throws IllegalArgumentException if the BigInteger is not between 0 and 2^128-1
1023   * @since 28.2
1024   */
1025  public static Inet6Address fromIPv6BigInteger(BigInteger address) {
1026    return (Inet6Address) fromBigInteger(address, true);
1027  }
1028
1029  /**
1030   * Converts a BigInteger to either an IPv4 or IPv6 address. If the IP is IPv4, it must be
1031   * constrained to 32 bits, otherwise it is constrained to 128 bits.
1032   *
1033   * @param address the address represented as a big integer
1034   * @param isIpv6 whether the created address should be IPv4 or IPv6
1035   * @return the BigInteger converted to an address
1036   * @throws IllegalArgumentException if the BigInteger is not between 0 and maximum value for IPv4
1037   *     or IPv6 respectively
1038   */
1039  private static InetAddress fromBigInteger(BigInteger address, boolean isIpv6) {
1040    checkArgument(address.signum() >= 0, "BigInteger must be greater than or equal to 0");
1041
1042    int numBytes = isIpv6 ? 16 : 4;
1043
1044    byte[] addressBytes = address.toByteArray();
1045    byte[] targetCopyArray = new byte[numBytes];
1046
1047    int srcPos = Math.max(0, addressBytes.length - numBytes);
1048    int copyLength = addressBytes.length - srcPos;
1049    int destPos = numBytes - copyLength;
1050
1051    // Check the extra bytes in the BigInteger are all zero.
1052    for (int i = 0; i < srcPos; i++) {
1053      if (addressBytes[i] != 0x00) {
1054        throw formatIllegalArgumentException(
1055            "BigInteger cannot be converted to InetAddress because it has more than %d"
1056                + " bytes: %s",
1057            numBytes, address);
1058      }
1059    }
1060
1061    // Copy the bytes into the least significant positions.
1062    System.arraycopy(addressBytes, srcPos, targetCopyArray, destPos, copyLength);
1063
1064    try {
1065      return InetAddress.getByAddress(targetCopyArray);
1066    } catch (UnknownHostException impossible) {
1067      throw new AssertionError(impossible);
1068    }
1069  }
1070
1071  /**
1072   * Returns an address from a <b>little-endian ordered</b> byte array (the opposite of what {@link
1073   * InetAddress#getByAddress} expects).
1074   *
1075   * <p>IPv4 address byte array must be 4 bytes long and IPv6 byte array must be 16 bytes long.
1076   *
1077   * @param addr the raw IP address in little-endian byte order
1078   * @return an InetAddress object created from the raw IP address
1079   * @throws UnknownHostException if IP address is of illegal length
1080   */
1081  public static InetAddress fromLittleEndianByteArray(byte[] addr) throws UnknownHostException {
1082    byte[] reversed = new byte[addr.length];
1083    for (int i = 0; i < addr.length; i++) {
1084      reversed[i] = addr[addr.length - i - 1];
1085    }
1086    return InetAddress.getByAddress(reversed);
1087  }
1088
1089  /**
1090   * Returns a new InetAddress that is one less than the passed in address. This method works for
1091   * both IPv4 and IPv6 addresses.
1092   *
1093   * @param address the InetAddress to decrement
1094   * @return a new InetAddress that is one less than the passed in address
1095   * @throws IllegalArgumentException if InetAddress is at the beginning of its range
1096   * @since 18.0
1097   */
1098  public static InetAddress decrement(InetAddress address) {
1099    byte[] addr = address.getAddress();
1100    int i = addr.length - 1;
1101    while (i >= 0 && addr[i] == (byte) 0x00) {
1102      addr[i] = (byte) 0xff;
1103      i--;
1104    }
1105
1106    checkArgument(i >= 0, "Decrementing %s would wrap.", address);
1107
1108    addr[i]--;
1109    return bytesToInetAddress(addr);
1110  }
1111
1112  /**
1113   * Returns a new InetAddress that is one more than the passed in address. This method works for
1114   * both IPv4 and IPv6 addresses.
1115   *
1116   * @param address the InetAddress to increment
1117   * @return a new InetAddress that is one more than the passed in address
1118   * @throws IllegalArgumentException if InetAddress is at the end of its range
1119   * @since 10.0
1120   */
1121  public static InetAddress increment(InetAddress address) {
1122    byte[] addr = address.getAddress();
1123    int i = addr.length - 1;
1124    while (i >= 0 && addr[i] == (byte) 0xff) {
1125      addr[i] = 0;
1126      i--;
1127    }
1128
1129    checkArgument(i >= 0, "Incrementing %s would wrap.", address);
1130
1131    addr[i]++;
1132    return bytesToInetAddress(addr);
1133  }
1134
1135  /**
1136   * Returns true if the InetAddress is either 255.255.255.255 for IPv4 or
1137   * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.
1138   *
1139   * @return true if the InetAddress is either 255.255.255.255 for IPv4 or
1140   *     ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6
1141   * @since 10.0
1142   */
1143  public static boolean isMaximum(InetAddress address) {
1144    byte[] addr = address.getAddress();
1145    for (byte b : addr) {
1146      if (b != (byte) 0xff) {
1147        return false;
1148      }
1149    }
1150    return true;
1151  }
1152
1153  private static IllegalArgumentException formatIllegalArgumentException(
1154      String format, Object... args) {
1155    return new IllegalArgumentException(String.format(Locale.ROOT, format, args));
1156  }
1157}