001/*
002 * Copyright (C) 2008 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import static com.google.common.base.Preconditions.checkArgument;
018import static com.google.common.base.Preconditions.checkNotNull;
019
020import com.google.common.annotations.GwtIncompatible;
021import com.google.common.base.CharMatcher;
022import com.google.common.base.MoreObjects;
023import com.google.common.hash.Hashing;
024import com.google.common.io.ByteStreams;
025import com.google.common.primitives.Ints;
026import com.google.errorprone.annotations.CanIgnoreReturnValue;
027import java.math.BigInteger;
028import java.net.Inet4Address;
029import java.net.Inet6Address;
030import java.net.InetAddress;
031import java.net.UnknownHostException;
032import java.nio.ByteBuffer;
033import java.util.Arrays;
034import java.util.Locale;
035import javax.annotation.CheckForNull;
036
037/**
038 * Static utility methods pertaining to {@link InetAddress} instances.
039 *
040 * <p><b>Important note:</b> Unlike {@code InetAddress.getByName()}, the methods of this class never
041 * cause DNS services to be accessed. For this reason, you should prefer these methods as much as
042 * possible over their JDK equivalents whenever you are expecting to handle only IP address string
043 * literals -- there is no blocking DNS penalty for a malformed string.
044 *
045 * <p>When dealing with {@link Inet4Address} and {@link Inet6Address} objects as byte arrays (vis.
046 * {@code InetAddress.getAddress()}) they are 4 and 16 bytes in length, respectively, and represent
047 * the address in network byte order.
048 *
049 * <p>Examples of IP addresses and their byte representations:
050 *
051 * <dl>
052 *   <dt>The IPv4 loopback address, {@code "127.0.0.1"}.
053 *   <dd>{@code 7f 00 00 01}
054 *   <dt>The IPv6 loopback address, {@code "::1"}.
055 *   <dd>{@code 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01}
056 *   <dt>From the IPv6 reserved documentation prefix ({@code 2001:db8::/32}), {@code "2001:db8::1"}.
057 *   <dd>{@code 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01}
058 *   <dt>An IPv6 "IPv4 compatible" (or "compat") address, {@code "::192.168.0.1"}.
059 *   <dd>{@code 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 00 01}
060 *   <dt>An IPv6 "IPv4 mapped" address, {@code "::ffff:192.168.0.1"}.
061 *   <dd>{@code 00 00 00 00 00 00 00 00 00 00 ff ff c0 a8 00 01}
062 * </dl>
063 *
064 * <p>A few notes about IPv6 "IPv4 mapped" addresses and their observed use in Java.
065 *
066 * <p>"IPv4 mapped" addresses were originally a representation of IPv4 addresses for use on an IPv6
067 * socket that could receive both IPv4 and IPv6 connections (by disabling the {@code IPV6_V6ONLY}
068 * socket option on an IPv6 socket). Yes, it's confusing. Nevertheless, these "mapped" addresses
069 * were never supposed to be seen on the wire. That assumption was dropped, some say mistakenly, in
070 * later RFCs with the apparent aim of making IPv4-to-IPv6 transition simpler.
071 *
072 * <p>Technically one <i>can</i> create a 128bit IPv6 address with the wire format of a "mapped"
073 * address, as shown above, and transmit it in an IPv6 packet header. However, Java's InetAddress
074 * creation methods appear to adhere doggedly to the original intent of the "mapped" address: all
075 * "mapped" addresses return {@link Inet4Address} objects.
076 *
077 * <p>For added safety, it is common for IPv6 network operators to filter all packets where either
078 * the source or destination address appears to be a "compat" or "mapped" address. Filtering
079 * suggestions usually recommend discarding any packets with source or destination addresses in the
080 * invalid range {@code ::/3}, which includes both of these bizarre address formats. For more
081 * information on "bogons", including lists of IPv6 bogon space, see:
082 *
083 * <ul>
084 *   <li><a target="_parent"
085 *       href="http://en.wikipedia.org/wiki/Bogon_filtering">http://en.wikipedia.
086 *       org/wiki/Bogon_filtering</a>
087 *   <li><a target="_parent"
088 *       href="http://www.cymru.com/Bogons/ipv6.txt">http://www.cymru.com/Bogons/ ipv6.txt</a>
089 *   <li><a target="_parent" href="http://www.cymru.com/Bogons/v6bogon.html">http://www.cymru.com/
090 *       Bogons/v6bogon.html</a>
091 *   <li><a target="_parent" href="http://www.space.net/~gert/RIPE/ipv6-filters.html">http://www.
092 *       space.net/~gert/RIPE/ipv6-filters.html</a>
093 * </ul>
094 *
095 * @author Erik Kline
096 * @since 5.0
097 */
098@GwtIncompatible
099@ElementTypesAreNonnullByDefault
100public final class InetAddresses {
101  private static final int IPV4_PART_COUNT = 4;
102  private static final int IPV6_PART_COUNT = 8;
103  private static final char IPV4_DELIMITER = '.';
104  private static final char IPV6_DELIMITER = ':';
105  private static final CharMatcher IPV4_DELIMITER_MATCHER = CharMatcher.is(IPV4_DELIMITER);
106  private static final CharMatcher IPV6_DELIMITER_MATCHER = CharMatcher.is(IPV6_DELIMITER);
107  private static final Inet4Address LOOPBACK4 = (Inet4Address) forString("127.0.0.1");
108  private static final Inet4Address ANY4 = (Inet4Address) forString("0.0.0.0");
109
110  private InetAddresses() {}
111
112  /**
113   * Returns an {@link Inet4Address}, given a byte array representation of the IPv4 address.
114   *
115   * @param bytes byte array representing an IPv4 address (should be of length 4)
116   * @return {@link Inet4Address} corresponding to the supplied byte array
117   * @throws IllegalArgumentException if a valid {@link Inet4Address} can not be created
118   */
119  private static Inet4Address getInet4Address(byte[] bytes) {
120    checkArgument(
121        bytes.length == 4,
122        "Byte array has invalid length for an IPv4 address: %s != 4.",
123        bytes.length);
124
125    // Given a 4-byte array, this cast should always succeed.
126    return (Inet4Address) bytesToInetAddress(bytes);
127  }
128
129  /**
130   * Returns the {@link InetAddress} having the given string representation.
131   *
132   * <p>This deliberately avoids all nameservice lookups (e.g. no DNS).
133   *
134   * <p>Anything after a {@code %} in an IPv6 address is ignored (assumed to be a Scope ID).
135   *
136   * <p>This method accepts non-ASCII digits, for example {@code "192.168.0.1"} (those are fullwidth
137   * characters). That is consistent with {@link InetAddress}, but not with various RFCs. If you
138   * want to accept ASCII digits only, you can use something like {@code
139   * CharMatcher.ascii().matchesAllOf(ipString)}.
140   *
141   * @param ipString {@code String} containing an IPv4 or IPv6 string literal, e.g. {@code
142   *     "192.168.0.1"} or {@code "2001:db8::1"}
143   * @return {@link InetAddress} representing the argument
144   * @throws IllegalArgumentException if the argument is not a valid IP string literal
145   */
146  @CanIgnoreReturnValue // TODO(b/219820829): consider removing
147  public static InetAddress forString(String ipString) {
148    byte[] addr = ipStringToBytes(ipString);
149
150    // The argument was malformed, i.e. not an IP string literal.
151    if (addr == null) {
152      throw formatIllegalArgumentException("'%s' is not an IP string literal.", ipString);
153    }
154
155    return bytesToInetAddress(addr);
156  }
157
158  /**
159   * Returns {@code true} if the supplied string is a valid IP string literal, {@code false}
160   * otherwise.
161   *
162   * <p>This method accepts non-ASCII digits, for example {@code "192.168.0.1"} (those are fullwidth
163   * characters). That is consistent with {@link InetAddress}, but not with various RFCs. If you
164   * want to accept ASCII digits only, you can use something like {@code
165   * CharMatcher.ascii().matchesAllOf(ipString)}.
166   *
167   * @param ipString {@code String} to evaluated as an IP string literal
168   * @return {@code true} if the argument is a valid IP string literal
169   */
170  public static boolean isInetAddress(String ipString) {
171    return ipStringToBytes(ipString) != null;
172  }
173
174  /** Returns {@code null} if unable to parse into a {@code byte[]}. */
175  @CheckForNull
176  private static byte[] ipStringToBytes(String ipStringParam) {
177    String ipString = ipStringParam;
178    // Make a first pass to categorize the characters in this string.
179    boolean hasColon = false;
180    boolean hasDot = false;
181    int percentIndex = -1;
182    for (int i = 0; i < ipString.length(); i++) {
183      char c = ipString.charAt(i);
184      if (c == '.') {
185        hasDot = true;
186      } else if (c == ':') {
187        if (hasDot) {
188          return null; // Colons must not appear after dots.
189        }
190        hasColon = true;
191      } else if (c == '%') {
192        percentIndex = i;
193        break; // everything after a '%' is ignored (it's a Scope ID): http://superuser.com/a/99753
194      } else if (Character.digit(c, 16) == -1) {
195        return null; // Everything else must be a decimal or hex digit.
196      }
197    }
198
199    // Now decide which address family to parse.
200    if (hasColon) {
201      if (hasDot) {
202        ipString = convertDottedQuadToHex(ipString);
203        if (ipString == null) {
204          return null;
205        }
206      }
207      if (percentIndex != -1) {
208        ipString = ipString.substring(0, percentIndex);
209      }
210      return textToNumericFormatV6(ipString);
211    } else if (hasDot) {
212      if (percentIndex != -1) {
213        return null; // Scope IDs are not supported for IPV4
214      }
215      return textToNumericFormatV4(ipString);
216    }
217    return null;
218  }
219
220  @CheckForNull
221  private static byte[] textToNumericFormatV4(String ipString) {
222    if (IPV4_DELIMITER_MATCHER.countIn(ipString) + 1 != IPV4_PART_COUNT) {
223      return null; // Wrong number of parts
224    }
225
226    byte[] bytes = new byte[IPV4_PART_COUNT];
227    int start = 0;
228    // Iterate through the parts of the ip string.
229    // Invariant: start is always the beginning of an octet.
230    for (int i = 0; i < IPV4_PART_COUNT; i++) {
231      int end = ipString.indexOf(IPV4_DELIMITER, start);
232      if (end == -1) {
233        end = ipString.length();
234      }
235      try {
236        bytes[i] = parseOctet(ipString, start, end);
237      } catch (NumberFormatException ex) {
238        return null;
239      }
240      start = end + 1;
241    }
242
243    return bytes;
244  }
245
246  @CheckForNull
247  private static byte[] textToNumericFormatV6(String ipString) {
248    // An address can have [2..8] colons.
249    int delimiterCount = IPV6_DELIMITER_MATCHER.countIn(ipString);
250    if (delimiterCount < 2 || delimiterCount > IPV6_PART_COUNT) {
251      return null;
252    }
253    int partsSkipped = IPV6_PART_COUNT - (delimiterCount + 1); // estimate; may be modified later
254    boolean hasSkip = false;
255    // Scan for the appearance of ::, to mark a skip-format IPV6 string and adjust the partsSkipped
256    // estimate.
257    for (int i = 0; i < ipString.length() - 1; i++) {
258      if (ipString.charAt(i) == IPV6_DELIMITER && ipString.charAt(i + 1) == IPV6_DELIMITER) {
259        if (hasSkip) {
260          return null; // Can't have more than one ::
261        }
262        hasSkip = true;
263        partsSkipped++; // :: means we skipped an extra part in between the two delimiters.
264        if (i == 0) {
265          partsSkipped++; // Begins with ::, so we skipped the part preceding the first :
266        }
267        if (i == ipString.length() - 2) {
268          partsSkipped++; // Ends with ::, so we skipped the part after the last :
269        }
270      }
271    }
272    if (ipString.charAt(0) == IPV6_DELIMITER && ipString.charAt(1) != IPV6_DELIMITER) {
273      return null; // ^: requires ^::
274    }
275    if (ipString.charAt(ipString.length() - 1) == IPV6_DELIMITER
276        && ipString.charAt(ipString.length() - 2) != IPV6_DELIMITER) {
277      return null; // :$ requires ::$
278    }
279    if (hasSkip && partsSkipped <= 0) {
280      return null; // :: must expand to at least one '0'
281    }
282    if (!hasSkip && delimiterCount + 1 != IPV6_PART_COUNT) {
283      return null; // Incorrect number of parts
284    }
285
286    ByteBuffer rawBytes = ByteBuffer.allocate(2 * IPV6_PART_COUNT);
287    try {
288      // Iterate through the parts of the ip string.
289      // Invariant: start is always the beginning of a hextet, or the second ':' of the skip
290      // sequence "::"
291      int start = 0;
292      if (ipString.charAt(0) == IPV6_DELIMITER) {
293        start = 1;
294      }
295      while (start < ipString.length()) {
296        int end = ipString.indexOf(IPV6_DELIMITER, start);
297        if (end == -1) {
298          end = ipString.length();
299        }
300        if (ipString.charAt(start) == IPV6_DELIMITER) {
301          // expand zeroes
302          for (int i = 0; i < partsSkipped; i++) {
303            rawBytes.putShort((short) 0);
304          }
305
306        } else {
307          rawBytes.putShort(parseHextet(ipString, start, end));
308        }
309        start = end + 1;
310      }
311    } catch (NumberFormatException ex) {
312      return null;
313    }
314    return rawBytes.array();
315  }
316
317  @CheckForNull
318  private static String convertDottedQuadToHex(String ipString) {
319    int lastColon = ipString.lastIndexOf(':');
320    String initialPart = ipString.substring(0, lastColon + 1);
321    String dottedQuad = ipString.substring(lastColon + 1);
322    byte[] quad = textToNumericFormatV4(dottedQuad);
323    if (quad == null) {
324      return null;
325    }
326    String penultimate = Integer.toHexString(((quad[0] & 0xff) << 8) | (quad[1] & 0xff));
327    String ultimate = Integer.toHexString(((quad[2] & 0xff) << 8) | (quad[3] & 0xff));
328    return initialPart + penultimate + ":" + ultimate;
329  }
330
331  private static byte parseOctet(String ipString, int start, int end) {
332    // Note: we already verified that this string contains only hex digits, but the string may still
333    // contain non-decimal characters.
334    int length = end - start;
335    if (length <= 0 || length > 3) {
336      throw new NumberFormatException();
337    }
338    // Disallow leading zeroes, because no clear standard exists on
339    // whether these should be interpreted as decimal or octal.
340    if (length > 1 && ipString.charAt(start) == '0') {
341      throw new NumberFormatException();
342    }
343    int octet = 0;
344    for (int i = start; i < end; i++) {
345      octet *= 10;
346      int digit = Character.digit(ipString.charAt(i), 10);
347      if (digit < 0) {
348        throw new NumberFormatException();
349      }
350      octet += digit;
351    }
352    if (octet > 255) {
353      throw new NumberFormatException();
354    }
355    return (byte) octet;
356  }
357
358  // Parse a hextet out of the ipString from start (inclusive) to end (exclusive)
359  private static short parseHextet(String ipString, int start, int end) {
360    // Note: we already verified that this string contains only hex digits.
361    int length = end - start;
362    if (length <= 0 || length > 4) {
363      throw new NumberFormatException();
364    }
365    int hextet = 0;
366    for (int i = start; i < end; i++) {
367      hextet = hextet << 4;
368      hextet |= Character.digit(ipString.charAt(i), 16);
369    }
370    return (short) hextet;
371  }
372
373  /**
374   * Convert a byte array into an InetAddress.
375   *
376   * <p>{@link InetAddress#getByAddress} is documented as throwing a checked exception "if IP
377   * address is of illegal length." We replace it with an unchecked exception, for use by callers
378   * who already know that addr is an array of length 4 or 16.
379   *
380   * @param addr the raw 4-byte or 16-byte IP address in big-endian order
381   * @return an InetAddress object created from the raw IP address
382   */
383  private static InetAddress bytesToInetAddress(byte[] addr) {
384    try {
385      return InetAddress.getByAddress(addr);
386    } catch (UnknownHostException e) {
387      throw new AssertionError(e);
388    }
389  }
390
391  /**
392   * Returns the string representation of an {@link InetAddress}.
393   *
394   * <p>For IPv4 addresses, this is identical to {@link InetAddress#getHostAddress()}, but for IPv6
395   * addresses, the output follows <a href="http://tools.ietf.org/html/rfc5952">RFC 5952</a> section
396   * 4. The main difference is that this method uses "::" for zero compression, while Java's version
397   * uses the uncompressed form.
398   *
399   * <p>This method uses hexadecimal for all IPv6 addresses, including IPv4-mapped IPv6 addresses
400   * such as "::c000:201". The output does not include a Scope ID.
401   *
402   * @param ip {@link InetAddress} to be converted to an address string
403   * @return {@code String} containing the text-formatted IP address
404   * @since 10.0
405   */
406  public static String toAddrString(InetAddress ip) {
407    checkNotNull(ip);
408    if (ip instanceof Inet4Address) {
409      // For IPv4, Java's formatting is good enough.
410      return ip.getHostAddress();
411    }
412    checkArgument(ip instanceof Inet6Address);
413    byte[] bytes = ip.getAddress();
414    int[] hextets = new int[IPV6_PART_COUNT];
415    for (int i = 0; i < hextets.length; i++) {
416      hextets[i] = Ints.fromBytes((byte) 0, (byte) 0, bytes[2 * i], bytes[2 * i + 1]);
417    }
418    compressLongestRunOfZeroes(hextets);
419    return hextetsToIPv6String(hextets);
420  }
421
422  /**
423   * Identify and mark the longest run of zeroes in an IPv6 address.
424   *
425   * <p>Only runs of two or more hextets are considered. In case of a tie, the leftmost run wins. If
426   * a qualifying run is found, its hextets are replaced by the sentinel value -1.
427   *
428   * @param hextets {@code int[]} mutable array of eight 16-bit hextets
429   */
430  private static void compressLongestRunOfZeroes(int[] hextets) {
431    int bestRunStart = -1;
432    int bestRunLength = -1;
433    int runStart = -1;
434    for (int i = 0; i < hextets.length + 1; i++) {
435      if (i < hextets.length && hextets[i] == 0) {
436        if (runStart < 0) {
437          runStart = i;
438        }
439      } else if (runStart >= 0) {
440        int runLength = i - runStart;
441        if (runLength > bestRunLength) {
442          bestRunStart = runStart;
443          bestRunLength = runLength;
444        }
445        runStart = -1;
446      }
447    }
448    if (bestRunLength >= 2) {
449      Arrays.fill(hextets, bestRunStart, bestRunStart + bestRunLength, -1);
450    }
451  }
452
453  /**
454   * Convert a list of hextets into a human-readable IPv6 address.
455   *
456   * <p>In order for "::" compression to work, the input should contain negative sentinel values in
457   * place of the elided zeroes.
458   *
459   * @param hextets {@code int[]} array of eight 16-bit hextets, or -1s
460   */
461  private static String hextetsToIPv6String(int[] hextets) {
462    // While scanning the array, handle these state transitions:
463    //   start->num => "num"     start->gap => "::"
464    //   num->num   => ":num"    num->gap   => "::"
465    //   gap->num   => "num"     gap->gap   => ""
466    StringBuilder buf = new StringBuilder(39);
467    boolean lastWasNumber = false;
468    for (int i = 0; i < hextets.length; i++) {
469      boolean thisIsNumber = hextets[i] >= 0;
470      if (thisIsNumber) {
471        if (lastWasNumber) {
472          buf.append(':');
473        }
474        buf.append(Integer.toHexString(hextets[i]));
475      } else {
476        if (i == 0 || lastWasNumber) {
477          buf.append("::");
478        }
479      }
480      lastWasNumber = thisIsNumber;
481    }
482    return buf.toString();
483  }
484
485  /**
486   * Returns the string representation of an {@link InetAddress} suitable for inclusion in a URI.
487   *
488   * <p>For IPv4 addresses, this is identical to {@link InetAddress#getHostAddress()}, but for IPv6
489   * addresses it compresses zeroes and surrounds the text with square brackets; for example {@code
490   * "[2001:db8::1]"}.
491   *
492   * <p>Per section 3.2.2 of <a target="_parent"
493   * href="http://tools.ietf.org/html/rfc3986#section-3.2.2">RFC 3986</a>, a URI containing an IPv6
494   * string literal is of the form {@code "http://[2001:db8::1]:8888/index.html"}.
495   *
496   * <p>Use of either {@link InetAddresses#toAddrString}, {@link InetAddress#getHostAddress()}, or
497   * this method is recommended over {@link InetAddress#toString()} when an IP address string
498   * literal is desired. This is because {@link InetAddress#toString()} prints the hostname and the
499   * IP address string joined by a "/".
500   *
501   * @param ip {@link InetAddress} to be converted to URI string literal
502   * @return {@code String} containing URI-safe string literal
503   */
504  public static String toUriString(InetAddress ip) {
505    if (ip instanceof Inet6Address) {
506      return "[" + toAddrString(ip) + "]";
507    }
508    return toAddrString(ip);
509  }
510
511  /**
512   * Returns an InetAddress representing the literal IPv4 or IPv6 host portion of a URL, encoded in
513   * the format specified by RFC 3986 section 3.2.2.
514   *
515   * <p>This method is similar to {@link InetAddresses#forString(String)}, however, it requires that
516   * IPv6 addresses are surrounded by square brackets.
517   *
518   * <p>This method is the inverse of {@link InetAddresses#toUriString(java.net.InetAddress)}.
519   *
520   * <p>This method accepts non-ASCII digits, for example {@code "192.168.0.1"} (those are fullwidth
521   * characters). That is consistent with {@link InetAddress}, but not with various RFCs. If you
522   * want to accept ASCII digits only, you can use something like {@code
523   * CharMatcher.ascii().matchesAllOf(ipString)}.
524   *
525   * @param hostAddr A RFC 3986 section 3.2.2 encoded IPv4 or IPv6 address
526   * @return an InetAddress representing the address in {@code hostAddr}
527   * @throws IllegalArgumentException if {@code hostAddr} is not a valid IPv4 address, or IPv6
528   *     address surrounded by square brackets
529   */
530  public static InetAddress forUriString(String hostAddr) {
531    InetAddress addr = forUriStringNoThrow(hostAddr);
532    if (addr == null) {
533      throw formatIllegalArgumentException("Not a valid URI IP literal: '%s'", hostAddr);
534    }
535
536    return addr;
537  }
538
539  @CheckForNull
540  private static InetAddress forUriStringNoThrow(String hostAddr) {
541    checkNotNull(hostAddr);
542
543    // Decide if this should be an IPv6 or IPv4 address.
544    String ipString;
545    int expectBytes;
546    if (hostAddr.startsWith("[") && hostAddr.endsWith("]")) {
547      ipString = hostAddr.substring(1, hostAddr.length() - 1);
548      expectBytes = 16;
549    } else {
550      ipString = hostAddr;
551      expectBytes = 4;
552    }
553
554    // Parse the address, and make sure the length/version is correct.
555    byte[] addr = ipStringToBytes(ipString);
556    if (addr == null || addr.length != expectBytes) {
557      return null;
558    }
559
560    return bytesToInetAddress(addr);
561  }
562
563  /**
564   * Returns {@code true} if the supplied string is a valid URI IP string literal, {@code false}
565   * otherwise.
566   *
567   * <p>This method accepts non-ASCII digits, for example {@code "192.168.0.1"} (those are fullwidth
568   * characters). That is consistent with {@link InetAddress}, but not with various RFCs. If you
569   * want to accept ASCII digits only, you can use something like {@code
570   * CharMatcher.ascii().matchesAllOf(ipString)}.
571   *
572   * @param ipString {@code String} to evaluated as an IP URI host string literal
573   * @return {@code true} if the argument is a valid IP URI host
574   */
575  public static boolean isUriInetAddress(String ipString) {
576    return forUriStringNoThrow(ipString) != null;
577  }
578
579  /**
580   * Evaluates whether the argument is an IPv6 "compat" address.
581   *
582   * <p>An "IPv4 compatible", or "compat", address is one with 96 leading bits of zero, with the
583   * remaining 32 bits interpreted as an IPv4 address. These are conventionally represented in
584   * string literals as {@code "::192.168.0.1"}, though {@code "::c0a8:1"} is also considered an
585   * IPv4 compatible address (and equivalent to {@code "::192.168.0.1"}).
586   *
587   * <p>For more on IPv4 compatible addresses see section 2.5.5.1 of <a target="_parent"
588   * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.1">RFC 4291</a>.
589   *
590   * <p>NOTE: This method is different from {@link Inet6Address#isIPv4CompatibleAddress} in that it
591   * more correctly classifies {@code "::"} and {@code "::1"} as proper IPv6 addresses (which they
592   * are), NOT IPv4 compatible addresses (which they are generally NOT considered to be).
593   *
594   * @param ip {@link Inet6Address} to be examined for embedded IPv4 compatible address format
595   * @return {@code true} if the argument is a valid "compat" address
596   */
597  public static boolean isCompatIPv4Address(Inet6Address ip) {
598    if (!ip.isIPv4CompatibleAddress()) {
599      return false;
600    }
601
602    byte[] bytes = ip.getAddress();
603    if ((bytes[12] == 0)
604        && (bytes[13] == 0)
605        && (bytes[14] == 0)
606        && ((bytes[15] == 0) || (bytes[15] == 1))) {
607      return false;
608    }
609
610    return true;
611  }
612
613  /**
614   * Returns the IPv4 address embedded in an IPv4 compatible address.
615   *
616   * @param ip {@link Inet6Address} to be examined for an embedded IPv4 address
617   * @return {@link Inet4Address} of the embedded IPv4 address
618   * @throws IllegalArgumentException if the argument is not a valid IPv4 compatible address
619   */
620  public static Inet4Address getCompatIPv4Address(Inet6Address ip) {
621    checkArgument(
622        isCompatIPv4Address(ip), "Address '%s' is not IPv4-compatible.", toAddrString(ip));
623
624    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 12, 16));
625  }
626
627  /**
628   * Evaluates whether the argument is a 6to4 address.
629   *
630   * <p>6to4 addresses begin with the {@code "2002::/16"} prefix. The next 32 bits are the IPv4
631   * address of the host to which IPv6-in-IPv4 tunneled packets should be routed.
632   *
633   * <p>For more on 6to4 addresses see section 2 of <a target="_parent"
634   * href="http://tools.ietf.org/html/rfc3056#section-2">RFC 3056</a>.
635   *
636   * @param ip {@link Inet6Address} to be examined for 6to4 address format
637   * @return {@code true} if the argument is a 6to4 address
638   */
639  public static boolean is6to4Address(Inet6Address ip) {
640    byte[] bytes = ip.getAddress();
641    return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x02);
642  }
643
644  /**
645   * Returns the IPv4 address embedded in a 6to4 address.
646   *
647   * @param ip {@link Inet6Address} to be examined for embedded IPv4 in 6to4 address
648   * @return {@link Inet4Address} of embedded IPv4 in 6to4 address
649   * @throws IllegalArgumentException if the argument is not a valid IPv6 6to4 address
650   */
651  public static Inet4Address get6to4IPv4Address(Inet6Address ip) {
652    checkArgument(is6to4Address(ip), "Address '%s' is not a 6to4 address.", toAddrString(ip));
653
654    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 2, 6));
655  }
656
657  /**
658   * A simple immutable data class to encapsulate the information to be found in a Teredo address.
659   *
660   * <p>All of the fields in this class are encoded in various portions of the IPv6 address as part
661   * of the protocol. More protocols details can be found at: <a target="_parent"
662   * href="http://en.wikipedia.org/wiki/Teredo_tunneling">http://en.wikipedia.
663   * org/wiki/Teredo_tunneling</a>.
664   *
665   * <p>The RFC can be found here: <a target="_parent" href="http://tools.ietf.org/html/rfc4380">RFC
666   * 4380</a>.
667   *
668   * @since 5.0
669   */
670  public static final class TeredoInfo {
671    private final Inet4Address server;
672    private final Inet4Address client;
673    private final int port;
674    private final int flags;
675
676    /**
677     * Constructs a TeredoInfo instance.
678     *
679     * <p>Both server and client can be {@code null}, in which case the value {@code "0.0.0.0"} will
680     * be assumed.
681     *
682     * @throws IllegalArgumentException if either of the {@code port} or the {@code flags} arguments
683     *     are out of range of an unsigned short
684     */
685    // TODO: why is this public?
686    public TeredoInfo(
687        @CheckForNull Inet4Address server, @CheckForNull Inet4Address client, int port, int flags) {
688      checkArgument(
689          (port >= 0) && (port <= 0xffff), "port '%s' is out of range (0 <= port <= 0xffff)", port);
690      checkArgument(
691          (flags >= 0) && (flags <= 0xffff),
692          "flags '%s' is out of range (0 <= flags <= 0xffff)",
693          flags);
694
695      this.server = MoreObjects.firstNonNull(server, ANY4);
696      this.client = MoreObjects.firstNonNull(client, ANY4);
697      this.port = port;
698      this.flags = flags;
699    }
700
701    public Inet4Address getServer() {
702      return server;
703    }
704
705    public Inet4Address getClient() {
706      return client;
707    }
708
709    public int getPort() {
710      return port;
711    }
712
713    public int getFlags() {
714      return flags;
715    }
716  }
717
718  /**
719   * Evaluates whether the argument is a Teredo address.
720   *
721   * <p>Teredo addresses begin with the {@code "2001::/32"} prefix.
722   *
723   * @param ip {@link Inet6Address} to be examined for Teredo address format
724   * @return {@code true} if the argument is a Teredo address
725   */
726  public static boolean isTeredoAddress(Inet6Address ip) {
727    byte[] bytes = ip.getAddress();
728    return (bytes[0] == (byte) 0x20)
729        && (bytes[1] == (byte) 0x01)
730        && (bytes[2] == 0)
731        && (bytes[3] == 0);
732  }
733
734  /**
735   * Returns the Teredo information embedded in a Teredo address.
736   *
737   * @param ip {@link Inet6Address} to be examined for embedded Teredo information
738   * @return extracted {@code TeredoInfo}
739   * @throws IllegalArgumentException if the argument is not a valid IPv6 Teredo address
740   */
741  public static TeredoInfo getTeredoInfo(Inet6Address ip) {
742    checkArgument(isTeredoAddress(ip), "Address '%s' is not a Teredo address.", toAddrString(ip));
743
744    byte[] bytes = ip.getAddress();
745    Inet4Address server = getInet4Address(Arrays.copyOfRange(bytes, 4, 8));
746
747    int flags = ByteStreams.newDataInput(bytes, 8).readShort() & 0xffff;
748
749    // Teredo obfuscates the mapped client port, per section 4 of the RFC.
750    int port = ~ByteStreams.newDataInput(bytes, 10).readShort() & 0xffff;
751
752    byte[] clientBytes = Arrays.copyOfRange(bytes, 12, 16);
753    for (int i = 0; i < clientBytes.length; i++) {
754      // Teredo obfuscates the mapped client IP, per section 4 of the RFC.
755      clientBytes[i] = (byte) ~clientBytes[i];
756    }
757    Inet4Address client = getInet4Address(clientBytes);
758
759    return new TeredoInfo(server, client, port, flags);
760  }
761
762  /**
763   * Evaluates whether the argument is an ISATAP address.
764   *
765   * <p>From RFC 5214: "ISATAP interface identifiers are constructed in Modified EUI-64 format [...]
766   * by concatenating the 24-bit IANA OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit
767   * IPv4 address in network byte order [...]"
768   *
769   * <p>For more on ISATAP addresses see section 6.1 of <a target="_parent"
770   * href="http://tools.ietf.org/html/rfc5214#section-6.1">RFC 5214</a>.
771   *
772   * @param ip {@link Inet6Address} to be examined for ISATAP address format
773   * @return {@code true} if the argument is an ISATAP address
774   */
775  public static boolean isIsatapAddress(Inet6Address ip) {
776
777    // If it's a Teredo address with the right port (41217, or 0xa101)
778    // which would be encoded as 0x5efe then it can't be an ISATAP address.
779    if (isTeredoAddress(ip)) {
780      return false;
781    }
782
783    byte[] bytes = ip.getAddress();
784
785    if ((bytes[8] | (byte) 0x03) != (byte) 0x03) {
786
787      // Verify that high byte of the 64 bit identifier is zero, modulo
788      // the U/L and G bits, with which we are not concerned.
789      return false;
790    }
791
792    return (bytes[9] == (byte) 0x00) && (bytes[10] == (byte) 0x5e) && (bytes[11] == (byte) 0xfe);
793  }
794
795  /**
796   * Returns the IPv4 address embedded in an ISATAP address.
797   *
798   * @param ip {@link Inet6Address} to be examined for embedded IPv4 in ISATAP address
799   * @return {@link Inet4Address} of embedded IPv4 in an ISATAP address
800   * @throws IllegalArgumentException if the argument is not a valid IPv6 ISATAP address
801   */
802  public static Inet4Address getIsatapIPv4Address(Inet6Address ip) {
803    checkArgument(isIsatapAddress(ip), "Address '%s' is not an ISATAP address.", toAddrString(ip));
804
805    return getInet4Address(Arrays.copyOfRange(ip.getAddress(), 12, 16));
806  }
807
808  /**
809   * Examines the Inet6Address to determine if it is an IPv6 address of one of the specified address
810   * types that contain an embedded IPv4 address.
811   *
812   * <p>NOTE: ISATAP addresses are explicitly excluded from this method due to their trivial
813   * spoofability. With other transition addresses spoofing involves (at least) infection of one's
814   * BGP routing table.
815   *
816   * @param ip {@link Inet6Address} to be examined for embedded IPv4 client address
817   * @return {@code true} if there is an embedded IPv4 client address
818   * @since 7.0
819   */
820  public static boolean hasEmbeddedIPv4ClientAddress(Inet6Address ip) {
821    return isCompatIPv4Address(ip) || is6to4Address(ip) || isTeredoAddress(ip);
822  }
823
824  /**
825   * Examines the Inet6Address to extract the embedded IPv4 client address if the InetAddress is an
826   * IPv6 address of one of the specified address types that contain an embedded IPv4 address.
827   *
828   * <p>NOTE: ISATAP addresses are explicitly excluded from this method due to their trivial
829   * spoofability. With other transition addresses spoofing involves (at least) infection of one's
830   * BGP routing table.
831   *
832   * @param ip {@link Inet6Address} to be examined for embedded IPv4 client address
833   * @return {@link Inet4Address} of embedded IPv4 client address
834   * @throws IllegalArgumentException if the argument does not have a valid embedded IPv4 address
835   */
836  public static Inet4Address getEmbeddedIPv4ClientAddress(Inet6Address ip) {
837    if (isCompatIPv4Address(ip)) {
838      return getCompatIPv4Address(ip);
839    }
840
841    if (is6to4Address(ip)) {
842      return get6to4IPv4Address(ip);
843    }
844
845    if (isTeredoAddress(ip)) {
846      return getTeredoInfo(ip).getClient();
847    }
848
849    throw formatIllegalArgumentException("'%s' has no embedded IPv4 address.", toAddrString(ip));
850  }
851
852  /**
853   * Evaluates whether the argument is an "IPv4 mapped" IPv6 address.
854   *
855   * <p>An "IPv4 mapped" address is anything in the range ::ffff:0:0/96 (sometimes written as
856   * ::ffff:0.0.0.0/96), with the last 32 bits interpreted as an IPv4 address.
857   *
858   * <p>For more on IPv4 mapped addresses see section 2.5.5.2 of <a target="_parent"
859   * href="http://tools.ietf.org/html/rfc4291#section-2.5.5.2">RFC 4291</a>.
860   *
861   * <p>Note: This method takes a {@code String} argument because {@link InetAddress} automatically
862   * collapses mapped addresses to IPv4. (It is actually possible to avoid this using one of the
863   * obscure {@link Inet6Address} methods, but it would be unwise to depend on such a
864   * poorly-documented feature.)
865   *
866   * <p>This method accepts non-ASCII digits. That is consistent with {@link InetAddress}, but not
867   * with various RFCs. If you want to accept ASCII digits only, you can use something like {@code
868   * CharMatcher.ascii().matchesAllOf(ipString)}.
869   *
870   * @param ipString {@code String} to be examined for embedded IPv4-mapped IPv6 address format
871   * @return {@code true} if the argument is a valid "mapped" address
872   * @since 10.0
873   */
874  public static boolean isMappedIPv4Address(String ipString) {
875    byte[] bytes = ipStringToBytes(ipString);
876    if (bytes != null && bytes.length == 16) {
877      for (int i = 0; i < 10; i++) {
878        if (bytes[i] != 0) {
879          return false;
880        }
881      }
882      for (int i = 10; i < 12; i++) {
883        if (bytes[i] != (byte) 0xff) {
884          return false;
885        }
886      }
887      return true;
888    }
889    return false;
890  }
891
892  /**
893   * Coerces an IPv6 address into an IPv4 address.
894   *
895   * <p>HACK: As long as applications continue to use IPv4 addresses for indexing into tables,
896   * accounting, et cetera, it may be necessary to <b>coerce</b> IPv6 addresses into IPv4 addresses.
897   * This method does so by hashing 64 bits of the IPv6 address into {@code 224.0.0.0/3} (64 bits
898   * into 29 bits):
899   *
900   * <ul>
901   *   <li>If the IPv6 address contains an embedded IPv4 address, the function hashes that.
902   *   <li>Otherwise, it hashes the upper 64 bits of the IPv6 address.
903   * </ul>
904   *
905   * <p>A "coerced" IPv4 address is equivalent to itself.
906   *
907   * <p>NOTE: This method is failsafe for security purposes: ALL IPv6 addresses (except localhost
908   * (::1)) are hashed to avoid the security risk associated with extracting an embedded IPv4
909   * address that might permit elevated privileges.
910   *
911   * @param ip {@link InetAddress} to "coerce"
912   * @return {@link Inet4Address} represented "coerced" address
913   * @since 7.0
914   */
915  public static Inet4Address getCoercedIPv4Address(InetAddress ip) {
916    if (ip instanceof Inet4Address) {
917      return (Inet4Address) ip;
918    }
919
920    // Special cases:
921    byte[] bytes = ip.getAddress();
922    boolean leadingBytesOfZero = true;
923    for (int i = 0; i < 15; ++i) {
924      if (bytes[i] != 0) {
925        leadingBytesOfZero = false;
926        break;
927      }
928    }
929    if (leadingBytesOfZero && (bytes[15] == 1)) {
930      return LOOPBACK4; // ::1
931    } else if (leadingBytesOfZero && (bytes[15] == 0)) {
932      return ANY4; // ::0
933    }
934
935    Inet6Address ip6 = (Inet6Address) ip;
936    long addressAsLong = 0;
937    if (hasEmbeddedIPv4ClientAddress(ip6)) {
938      addressAsLong = getEmbeddedIPv4ClientAddress(ip6).hashCode();
939    } else {
940      // Just extract the high 64 bits (assuming the rest is user-modifiable).
941      addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong();
942    }
943
944    // Many strategies for hashing are possible. This might suffice for now.
945    int coercedHash = Hashing.murmur3_32_fixed().hashLong(addressAsLong).asInt();
946
947    // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3).
948    coercedHash |= 0xe0000000;
949
950    // Fixup to avoid some "illegal" values. Currently the only potential
951    // illegal value is 255.255.255.255.
952    if (coercedHash == 0xffffffff) {
953      coercedHash = 0xfffffffe;
954    }
955
956    return getInet4Address(Ints.toByteArray(coercedHash));
957  }
958
959  /**
960   * Returns an integer representing an IPv4 address regardless of whether the supplied argument is
961   * an IPv4 address or not.
962   *
963   * <p>IPv6 addresses are <b>coerced</b> to IPv4 addresses before being converted to integers.
964   *
965   * <p>As long as there are applications that assume that all IP addresses are IPv4 addresses and
966   * can therefore be converted safely to integers (for whatever purpose) this function can be used
967   * to handle IPv6 addresses as well until the application is suitably fixed.
968   *
969   * <p>NOTE: an IPv6 address coerced to an IPv4 address can only be used for such purposes as
970   * rudimentary identification or indexing into a collection of real {@link InetAddress}es. They
971   * cannot be used as real addresses for the purposes of network communication.
972   *
973   * @param ip {@link InetAddress} to convert
974   * @return {@code int}, "coerced" if ip is not an IPv4 address
975   * @since 7.0
976   */
977  public static int coerceToInteger(InetAddress ip) {
978    return ByteStreams.newDataInput(getCoercedIPv4Address(ip).getAddress()).readInt();
979  }
980
981  /**
982   * Returns a BigInteger representing the address.
983   *
984   * <p>Unlike {@code coerceToInteger}, IPv6 addresses are not coerced to IPv4 addresses.
985   *
986   * @param address {@link InetAddress} to convert
987   * @return {@code BigInteger} representation of the address
988   * @since 28.2
989   */
990  public static BigInteger toBigInteger(InetAddress address) {
991    return new BigInteger(1, address.getAddress());
992  }
993
994  /**
995   * Returns an Inet4Address having the integer value specified by the argument.
996   *
997   * @param address {@code int}, the 32bit integer address to be converted
998   * @return {@link Inet4Address} equivalent of the argument
999   */
1000  public static Inet4Address fromInteger(int address) {
1001    return getInet4Address(Ints.toByteArray(address));
1002  }
1003
1004  /**
1005   * Returns the {@code Inet4Address} corresponding to a given {@code BigInteger}.
1006   *
1007   * @param address BigInteger representing the IPv4 address
1008   * @return Inet4Address representation of the given BigInteger
1009   * @throws IllegalArgumentException if the BigInteger is not between 0 and 2^32-1
1010   * @since 28.2
1011   */
1012  public static Inet4Address fromIPv4BigInteger(BigInteger address) {
1013    return (Inet4Address) fromBigInteger(address, false);
1014  }
1015  /**
1016   * Returns the {@code Inet6Address} corresponding to a given {@code BigInteger}.
1017   *
1018   * @param address BigInteger representing the IPv6 address
1019   * @return Inet6Address representation of the given BigInteger
1020   * @throws IllegalArgumentException if the BigInteger is not between 0 and 2^128-1
1021   * @since 28.2
1022   */
1023  public static Inet6Address fromIPv6BigInteger(BigInteger address) {
1024    return (Inet6Address) fromBigInteger(address, true);
1025  }
1026
1027  /**
1028   * Converts a BigInteger to either an IPv4 or IPv6 address. If the IP is IPv4, it must be
1029   * constrainted to 32 bits, otherwise it is constrained to 128 bits.
1030   *
1031   * @param address the address represented as a big integer
1032   * @param isIpv6 whether the created address should be IPv4 or IPv6
1033   * @return the BigInteger converted to an address
1034   * @throws IllegalArgumentException if the BigInteger is not between 0 and maximum value for IPv4
1035   *     or IPv6 respectively
1036   */
1037  private static InetAddress fromBigInteger(BigInteger address, boolean isIpv6) {
1038    checkArgument(address.signum() >= 0, "BigInteger must be greater than or equal to 0");
1039
1040    int numBytes = isIpv6 ? 16 : 4;
1041
1042    byte[] addressBytes = address.toByteArray();
1043    byte[] targetCopyArray = new byte[numBytes];
1044
1045    int srcPos = Math.max(0, addressBytes.length - numBytes);
1046    int copyLength = addressBytes.length - srcPos;
1047    int destPos = numBytes - copyLength;
1048
1049    // Check the extra bytes in the BigInteger are all zero.
1050    for (int i = 0; i < srcPos; i++) {
1051      if (addressBytes[i] != 0x00) {
1052        throw formatIllegalArgumentException(
1053            "BigInteger cannot be converted to InetAddress because it has more than %d"
1054                + " bytes: %s",
1055            numBytes, address);
1056      }
1057    }
1058
1059    // Copy the bytes into the least significant positions.
1060    System.arraycopy(addressBytes, srcPos, targetCopyArray, destPos, copyLength);
1061
1062    try {
1063      return InetAddress.getByAddress(targetCopyArray);
1064    } catch (UnknownHostException impossible) {
1065      throw new AssertionError(impossible);
1066    }
1067  }
1068
1069  /**
1070   * Returns an address from a <b>little-endian ordered</b> byte array (the opposite of what {@link
1071   * InetAddress#getByAddress} expects).
1072   *
1073   * <p>IPv4 address byte array must be 4 bytes long and IPv6 byte array must be 16 bytes long.
1074   *
1075   * @param addr the raw IP address in little-endian byte order
1076   * @return an InetAddress object created from the raw IP address
1077   * @throws UnknownHostException if IP address is of illegal length
1078   */
1079  public static InetAddress fromLittleEndianByteArray(byte[] addr) throws UnknownHostException {
1080    byte[] reversed = new byte[addr.length];
1081    for (int i = 0; i < addr.length; i++) {
1082      reversed[i] = addr[addr.length - i - 1];
1083    }
1084    return InetAddress.getByAddress(reversed);
1085  }
1086
1087  /**
1088   * Returns a new InetAddress that is one less than the passed in address. This method works for
1089   * both IPv4 and IPv6 addresses.
1090   *
1091   * @param address the InetAddress to decrement
1092   * @return a new InetAddress that is one less than the passed in address
1093   * @throws IllegalArgumentException if InetAddress is at the beginning of its range
1094   * @since 18.0
1095   */
1096  public static InetAddress decrement(InetAddress address) {
1097    byte[] addr = address.getAddress();
1098    int i = addr.length - 1;
1099    while (i >= 0 && addr[i] == (byte) 0x00) {
1100      addr[i] = (byte) 0xff;
1101      i--;
1102    }
1103
1104    checkArgument(i >= 0, "Decrementing %s would wrap.", address);
1105
1106    addr[i]--;
1107    return bytesToInetAddress(addr);
1108  }
1109
1110  /**
1111   * Returns a new InetAddress that is one more than the passed in address. This method works for
1112   * both IPv4 and IPv6 addresses.
1113   *
1114   * @param address the InetAddress to increment
1115   * @return a new InetAddress that is one more than the passed in address
1116   * @throws IllegalArgumentException if InetAddress is at the end of its range
1117   * @since 10.0
1118   */
1119  public static InetAddress increment(InetAddress address) {
1120    byte[] addr = address.getAddress();
1121    int i = addr.length - 1;
1122    while (i >= 0 && addr[i] == (byte) 0xff) {
1123      addr[i] = 0;
1124      i--;
1125    }
1126
1127    checkArgument(i >= 0, "Incrementing %s would wrap.", address);
1128
1129    addr[i]++;
1130    return bytesToInetAddress(addr);
1131  }
1132
1133  /**
1134   * Returns true if the InetAddress is either 255.255.255.255 for IPv4 or
1135   * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.
1136   *
1137   * @return true if the InetAddress is either 255.255.255.255 for IPv4 or
1138   *     ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6
1139   * @since 10.0
1140   */
1141  public static boolean isMaximum(InetAddress address) {
1142    byte[] addr = address.getAddress();
1143    for (byte b : addr) {
1144      if (b != (byte) 0xff) {
1145        return false;
1146      }
1147    }
1148    return true;
1149  }
1150
1151  private static IllegalArgumentException formatIllegalArgumentException(
1152      String format, Object... args) {
1153    return new IllegalArgumentException(String.format(Locale.ROOT, format, args));
1154  }
1155}