// Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // IP address manipulations // // IPv4 addresses are 4 bytes; IPv6 addresses are 16 bytes. // An IPv4 address can be converted to an IPv6 address by // adding a canonical prefix (10 zeros, 2 0xFFs). // This library accepts either size of byte slice but always // returns 16-byte addresses. package net import ( "internal/bytealg" "internal/itoa" "internal/stringslite" "net/netip" ) // IP address lengths (bytes). const ( IPv4len = 4 IPv6len = 16 ) // An IP is a single IP address, a slice of bytes. // Functions in this package accept either 4-byte (IPv4) // or 16-byte (IPv6) slices as input. // // Note that in this documentation, referring to an // IP address as an IPv4 address or an IPv6 address // is a semantic property of the address, not just the // length of the byte slice: a 16-byte slice can still // be an IPv4 address. type IP []byte // An IPMask is a bitmask that can be used to manipulate // IP addresses for IP addressing and routing. // // See type [IPNet] and func [ParseCIDR] for details. type IPMask []byte // An IPNet represents an IP network. type IPNet struct { IP IP // network number Mask IPMask // network mask } // IPv4 returns the IP address (in 16-byte form) of the // IPv4 address a.b.c.d. func IPv4(a, b, c, d byte) IP { p := make(IP, IPv6len) copy(p, v4InV6Prefix) p[12] = a p[13] = b p[14] = c p[15] = d return p } var v4InV6Prefix = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff} // IPv4Mask returns the IP mask (in 4-byte form) of the // IPv4 mask a.b.c.d. func IPv4Mask(a, b, c, d byte) IPMask { p := make(IPMask, IPv4len) p[0] = a p[1] = b p[2] = c p[3] = d return p } // CIDRMask returns an [IPMask] consisting of 'ones' 1 bits // followed by 0s up to a total length of 'bits' bits. // For a mask of this form, CIDRMask is the inverse of [IPMask.Size]. func CIDRMask(ones, bits int) IPMask { if bits != 8*IPv4len && bits != 8*IPv6len { return nil } if ones < 0 || ones > bits { return nil } l := bits / 8 m := make(IPMask, l) n := uint(ones) for i := 0; i < l; i++ { if n >= 8 { m[i] = 0xff n -= 8 continue } m[i] = ^byte(0xff >> n) n = 0 } return m } // Well-known IPv4 addresses var ( IPv4bcast = IPv4(255, 255, 255, 255) // limited broadcast IPv4allsys = IPv4(224, 0, 0, 1) // all systems IPv4allrouter = IPv4(224, 0, 0, 2) // all routers IPv4zero = IPv4(0, 0, 0, 0) // all zeros ) // Well-known IPv6 addresses var ( IPv6zero = IP{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} IPv6unspecified = IP{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} IPv6loopback = IP{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1} IPv6interfacelocalallnodes = IP{0xff, 0x01, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01} IPv6linklocalallnodes = IP{0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01} IPv6linklocalallrouters = IP{0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02} ) // IsUnspecified reports whether ip is an unspecified address, either // the IPv4 address "0.0.0.0" or the IPv6 address "::". func (ip IP) IsUnspecified() bool { return ip.Equal(IPv4zero) || ip.Equal(IPv6unspecified) } // IsLoopback reports whether ip is a loopback address. func (ip IP) IsLoopback() bool { if ip4 := ip.To4(); ip4 != nil { return ip4[0] == 127 } return ip.Equal(IPv6loopback) } // IsPrivate reports whether ip is a private address, according to // RFC 1918 (IPv4 addresses) and RFC 4193 (IPv6 addresses). func (ip IP) IsPrivate() bool { if ip4 := ip.To4(); ip4 != nil { // Following RFC 1918, Section 3. Private Address Space which says: // The Internet Assigned Numbers Authority (IANA) has reserved the // following three blocks of the IP address space for private internets: // 10.0.0.0 - 10.255.255.255 (10/8 prefix) // 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) // 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) return ip4[0] == 10 || (ip4[0] == 172 && ip4[1]&0xf0 == 16) || (ip4[0] == 192 && ip4[1] == 168) } // Following RFC 4193, Section 8. IANA Considerations which says: // The IANA has assigned the FC00::/7 prefix to "Unique Local Unicast". return len(ip) == IPv6len && ip[0]&0xfe == 0xfc } // IsMulticast reports whether ip is a multicast address. func (ip IP) IsMulticast() bool { if ip4 := ip.To4(); ip4 != nil { return ip4[0]&0xf0 == 0xe0 } return len(ip) == IPv6len && ip[0] == 0xff } // IsInterfaceLocalMulticast reports whether ip is // an interface-local multicast address. func (ip IP) IsInterfaceLocalMulticast() bool { return len(ip) == IPv6len && ip[0] == 0xff && ip[1]&0x0f == 0x01 } // IsLinkLocalMulticast reports whether ip is a link-local // multicast address. func (ip IP) IsLinkLocalMulticast() bool { if ip4 := ip.To4(); ip4 != nil { return ip4[0] == 224 && ip4[1] == 0 && ip4[2] == 0 } return len(ip) == IPv6len && ip[0] == 0xff && ip[1]&0x0f == 0x02 } // IsLinkLocalUnicast reports whether ip is a link-local // unicast address. func (ip IP) IsLinkLocalUnicast() bool { if ip4 := ip.To4(); ip4 != nil { return ip4[0] == 169 && ip4[1] == 254 } return len(ip) == IPv6len && ip[0] == 0xfe && ip[1]&0xc0 == 0x80 } // IsGlobalUnicast reports whether ip is a global unicast // address. // // The identification of global unicast addresses uses address type // identification as defined in RFC 1122, RFC 4632 and RFC 4291 with // the exception of IPv4 directed broadcast addresses. // It returns true even if ip is in IPv4 private address space or // local IPv6 unicast address space. func (ip IP) IsGlobalUnicast() bool { return (len(ip) == IPv4len || len(ip) == IPv6len) && !ip.Equal(IPv4bcast) && !ip.IsUnspecified() && !ip.IsLoopback() && !ip.IsMulticast() && !ip.IsLinkLocalUnicast() } // Is p all zeros? func isZeros(p IP) bool { for i := 0; i < len(p); i++ { if p[i] != 0 { return false } } return true } // To4 converts the IPv4 address ip to a 4-byte representation. // If ip is not an IPv4 address, To4 returns nil. func (ip IP) To4() IP { if len(ip) == IPv4len { return ip } if len(ip) == IPv6len && isZeros(ip[0:10]) && ip[10] == 0xff && ip[11] == 0xff { return ip[12:16] } return nil } // To16 converts the IP address ip to a 16-byte representation. // If ip is not an IP address (it is the wrong length), To16 returns nil. func (ip IP) To16() IP { if len(ip) == IPv4len { return IPv4(ip[0], ip[1], ip[2], ip[3]) } if len(ip) == IPv6len { return ip } return nil } // Default route masks for IPv4. var ( classAMask = IPv4Mask(0xff, 0, 0, 0) classBMask = IPv4Mask(0xff, 0xff, 0, 0) classCMask = IPv4Mask(0xff, 0xff, 0xff, 0) ) // DefaultMask returns the default IP mask for the IP address ip. // Only IPv4 addresses have default masks; DefaultMask returns // nil if ip is not a valid IPv4 address. func (ip IP) DefaultMask() IPMask { if ip = ip.To4(); ip == nil { return nil } switch { case ip[0] < 0x80: return classAMask case ip[0] < 0xC0: return classBMask default: return classCMask } } func allFF(b []byte) bool { for _, c := range b { if c != 0xff { return false } } return true } // Mask returns the result of masking the IP address ip with mask. func (ip IP) Mask(mask IPMask) IP { if len(mask) == IPv6len && len(ip) == IPv4len && allFF(mask[:12]) { mask = mask[12:] } if len(mask) == IPv4len && len(ip) == IPv6len && bytealg.Equal(ip[:12], v4InV6Prefix) { ip = ip[12:] } n := len(ip) if n != len(mask) { return nil } out := make(IP, n) for i := 0; i < n; i++ { out[i] = ip[i] & mask[i] } return out } // String returns the string form of the IP address ip. // It returns one of 4 forms: // - "", if ip has length 0 // - dotted decimal ("192.0.2.1"), if ip is an IPv4 or IP4-mapped IPv6 address // - IPv6 conforming to RFC 5952 ("2001:db8::1"), if ip is a valid IPv6 address // - the hexadecimal form of ip, without punctuation, if no other cases apply func (ip IP) String() string { if len(ip) == 0 { return "" } if len(ip) != IPv4len && len(ip) != IPv6len { return "?" + hexString(ip) } var buf []byte switch len(ip) { case IPv4len: const maxCap = len("255.255.255.255") buf = make([]byte, 0, maxCap) case IPv6len: const maxCap = len("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff") buf = make([]byte, 0, maxCap) } buf = ip.appendTo(buf) return string(buf) } func hexString(b []byte) string { s := make([]byte, len(b)*2) for i, tn := range b { s[i*2], s[i*2+1] = hexDigit[tn>>4], hexDigit[tn&0xf] } return string(s) } // ipEmptyString is like ip.String except that it returns // an empty string when ip is unset. func ipEmptyString(ip IP) string { if len(ip) == 0 { return "" } return ip.String() } // appendTo appends the string representation of ip to b and returns the expanded b // If len(ip) != IPv4len or IPv6len, it appends nothing. func (ip IP) appendTo(b []byte) []byte { // If IPv4, use dotted notation. if p4 := ip.To4(); len(p4) == IPv4len { ip = p4 } addr, _ := netip.AddrFromSlice(ip) return addr.AppendTo(b) } // AppendText implements the [encoding.TextAppender] interface. // The encoding is the same as returned by [IP.String], with one exception: // When len(ip) is zero, it appends nothing. func (ip IP) AppendText(b []byte) ([]byte, error) { if len(ip) == 0 { return b, nil } if len(ip) != IPv4len && len(ip) != IPv6len { return b, &AddrError{Err: "invalid IP address", Addr: hexString(ip)} } return ip.appendTo(b), nil } // MarshalText implements the [encoding.TextMarshaler] interface. // The encoding is the same as returned by [IP.String], with one exception: // When len(ip) is zero, it returns an empty slice. func (ip IP) MarshalText() ([]byte, error) { // 24 is satisfied with all IPv4 addresses and short IPv6 addresses b, err := ip.AppendText(make([]byte, 0, 24)) if err != nil { return nil, err } return b, nil } // UnmarshalText implements the [encoding.TextUnmarshaler] interface. // The IP address is expected in a form accepted by [ParseIP]. func (ip *IP) UnmarshalText(text []byte) error { if len(text) == 0 { *ip = nil return nil } s := string(text) x := ParseIP(s) if x == nil { return &ParseError{Type: "IP address", Text: s} } *ip = x return nil } // Equal reports whether ip and x are the same IP address. // An IPv4 address and that same address in IPv6 form are // considered to be equal. func (ip IP) Equal(x IP) bool { if len(ip) == len(x) { return bytealg.Equal(ip, x) } if len(ip) == IPv4len && len(x) == IPv6len { return bytealg.Equal(x[0:12], v4InV6Prefix) && bytealg.Equal(ip, x[12:]) } if len(ip) == IPv6len && len(x) == IPv4len { return bytealg.Equal(ip[0:12], v4InV6Prefix) && bytealg.Equal(ip[12:], x) } return false } func (ip IP) matchAddrFamily(x IP) bool { return ip.To4() != nil && x.To4() != nil || ip.To16() != nil && ip.To4() == nil && x.To16() != nil && x.To4() == nil } // If mask is a sequence of 1 bits followed by 0 bits, // return the number of 1 bits. func simpleMaskLength(mask IPMask) int { var n int for i, v := range mask { if v == 0xff { n += 8 continue } // found non-ff byte // count 1 bits for v&0x80 != 0 { n++ v <<= 1 } // rest must be 0 bits if v != 0 { return -1 } for i++; i < len(mask); i++ { if mask[i] != 0 { return -1 } } break } return n } // Size returns the number of leading ones and total bits in the mask. // If the mask is not in the canonical form--ones followed by zeros--then // Size returns 0, 0. func (m IPMask) Size() (ones, bits int) { ones, bits = simpleMaskLength(m), len(m)*8 if ones == -1 { return 0, 0 } return } // String returns the hexadecimal form of m, with no punctuation. func (m IPMask) String() string { if len(m) == 0 { return "" } return hexString(m) } func networkNumberAndMask(n *IPNet) (ip IP, m IPMask) { if ip = n.IP.To4(); ip == nil { ip = n.IP if len(ip) != IPv6len { return nil, nil } } m = n.Mask switch len(m) { case IPv4len: if len(ip) != IPv4len { return nil, nil } case IPv6len: if len(ip) == IPv4len { m = m[12:] } default: return nil, nil } return } // Contains reports whether the network includes ip. func (n *IPNet) Contains(ip IP) bool { nn, m := networkNumberAndMask(n) if x := ip.To4(); x != nil { ip = x } l := len(ip) if l != len(nn) { return false } for i := 0; i < l; i++ { if nn[i]&m[i] != ip[i]&m[i] { return false } } return true } // Network returns the address's network name, "ip+net". func (n *IPNet) Network() string { return "ip+net" } // String returns the CIDR notation of n like "192.0.2.0/24" // or "2001:db8::/48" as defined in RFC 4632 and RFC 4291. // If the mask is not in the canonical form, it returns the // string which consists of an IP address, followed by a slash // character and a mask expressed as hexadecimal form with no // punctuation like "198.51.100.0/c000ff00". func (n *IPNet) String() string { if n == nil { return "" } nn, m := networkNumberAndMask(n) if nn == nil || m == nil { return "" } l := simpleMaskLength(m) if l == -1 { return nn.String() + "/" + m.String() } return nn.String() + "/" + itoa.Uitoa(uint(l)) } // ParseIP parses s as an IP address, returning the result. // The string s can be in IPv4 dotted decimal ("192.0.2.1"), IPv6 // ("2001:db8::68"), or IPv4-mapped IPv6 ("::ffff:192.0.2.1") form. // If s is not a valid textual representation of an IP address, // ParseIP returns nil. The returned address is always 16 bytes, // IPv4 addresses are returned in IPv4-mapped IPv6 form. func ParseIP(s string) IP { if addr, valid := parseIP(s); valid { return IP(addr[:]) } return nil } func parseIP(s string) ([16]byte, bool) { ip, err := netip.ParseAddr(s) if err != nil || ip.Zone() != "" { return [16]byte{}, false } return ip.As16(), true } // ParseCIDR parses s as a CIDR notation IP address and prefix length, // like "192.0.2.0/24" or "2001:db8::/32", as defined in // RFC 4632 and RFC 4291. // // It returns the IP address and the network implied by the IP and // prefix length. // For example, ParseCIDR("192.0.2.1/24") returns the IP address // 192.0.2.1 and the network 192.0.2.0/24. func ParseCIDR(s string) (IP, *IPNet, error) { addr, mask, found := stringslite.Cut(s, "/") if !found { return nil, nil, &ParseError{Type: "CIDR address", Text: s} } ipAddr, err := netip.ParseAddr(addr) if err != nil || ipAddr.Zone() != "" { return nil, nil, &ParseError{Type: "CIDR address", Text: s} } n, i, ok := dtoi(mask) if !ok || i != len(mask) || n < 0 || n > ipAddr.BitLen() { return nil, nil, &ParseError{Type: "CIDR address", Text: s} } m := CIDRMask(n, ipAddr.BitLen()) addr16 := ipAddr.As16() return IP(addr16[:]), &IPNet{IP: IP(addr16[:]).Mask(m), Mask: m}, nil } func copyIP(x IP) IP { y := make(IP, len(x)) copy(y, x) return y }