pluto and scepclient use the curl and ldap fetcher plugins
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id$
15 */
16
17 /*
18 * Note that the array sizes are all specified; this is to enable range
19 * checking by code that only includes constants.h.
20 */
21
22 #include <stddef.h>
23 #include <string.h>
24 #include <stdio.h>
25 #include <netinet/in.h>
26
27 #include <freeswan.h>
28 #include <ipsec_policy.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef SMARTCARD
42 " SMARTCARD"
43 #endif
44 #ifdef VENDORID
45 " VENDORID"
46 #endif
47 #ifdef CISCO_QUIRKS
48 " CISCO_QUIRKS"
49 #endif
50 #ifdef USE_KEYRR
51 " KEYRR"
52 #endif
53 ;
54
55 /* version */
56
57 static const char *const version_name[] = {
58 "ISAKMP Version 1.0",
59 };
60
61 enum_names version_names =
62 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
63 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
64 version_name, NULL };
65
66 /* RFC 2459 CRL reason codes */
67
68 ENUM(crl_reason_names, REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL,
69 "unspecified",
70 "key compromise",
71 "ca compromise",
72 "affiliation changed",
73 "superseded",
74 "cessation of operation",
75 "certificate hold",
76 "reason #7",
77 "remove from crl"
78 );
79
80 /* RFC 3706 Dead Peer Detection */
81
82 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
83 "none",
84 "clear",
85 "hold",
86 "restart"
87 );
88
89 /* Timer events */
90
91 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
92 "EVENT_NULL",
93 "EVENT_REINIT_SECRET",
94 "EVENT_SHUNT_SCAN",
95 "EVENT_SO_DISCARD",
96 "EVENT_RETRANSMIT",
97 "EVENT_SA_REPLACE",
98 "EVENT_SA_REPLACE_IF_USED",
99 "EVENT_SA_EXPIRE",
100 "EVENT_NAT_T_KEEPALIVE",
101 "EVENT_DPD",
102 "EVENT_DPD_TIMEOUT",
103 "EVENT_LOG_DAILY"
104 );
105
106 /* Domain of Interpretation */
107
108 static const char *const doi_name[] = {
109 "ISAKMP_DOI_ISAKMP",
110 "ISAKMP_DOI_IPSEC",
111 };
112
113 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
114
115 /* debugging settings: a set of selections for reporting
116 * These would be more naturally situated in log.h,
117 * but they are shared with whack.
118 * It turns out that "debug-" is clutter in all contexts this is used,
119 * so we leave it off.
120 */
121 #ifdef DEBUG
122 const char *const debug_bit_names[] = {
123 "raw",
124 "crypt",
125 "parsing",
126 "emitting",
127 "control",
128 "lifecycle",
129 "klips",
130 "dns",
131 "natt",
132 "oppo",
133 "controlmore",
134
135 "private",
136
137 "impair-delay-adns-key-answer",
138 "impair-delay-adns-txt-answer",
139 "impair-bust-mi2",
140 "impair-bust-mr2",
141
142 NULL
143 };
144 #endif
145
146 /* State of exchanges */
147
148 static const char *const state_name[] = {
149 "STATE_MAIN_R0",
150 "STATE_MAIN_I1",
151 "STATE_MAIN_R1",
152 "STATE_MAIN_I2",
153 "STATE_MAIN_R2",
154 "STATE_MAIN_I3",
155 "STATE_MAIN_R3",
156 "STATE_MAIN_I4",
157
158 "STATE_QUICK_R0",
159 "STATE_QUICK_I1",
160 "STATE_QUICK_R1",
161 "STATE_QUICK_I2",
162 "STATE_QUICK_R2",
163
164 "STATE_INFO",
165 "STATE_INFO_PROTECTED",
166
167 "STATE_XAUTH_I0",
168 "STATE_XAUTH_R1",
169 "STATE_XAUTH_I1",
170 "STATE_XAUTH_R2",
171 "STATE_XAUTH_I2",
172 "STATE_XAUTH_R3",
173
174 "STATE_MODE_CFG_R0",
175 "STATE_MODE_CFG_I1",
176 "STATE_MODE_CFG_R1",
177 "STATE_MODE_CFG_I2",
178
179 "STATE_MODE_CFG_I0",
180 "STATE_MODE_CFG_R3",
181 "STATE_MODE_CFG_I3",
182 "STATE_MODE_CFG_R4",
183
184 "STATE_IKE_ROOF"
185 };
186
187 enum_names state_names =
188 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
189
190 /* story for state */
191
192 const char *const state_story[] = {
193 "expecting MI1", /* STATE_MAIN_R0 */
194 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
195 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
196 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
197 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
198 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
199 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
200 "ISAKMP SA established", /* STATE_MAIN_I4 */
201
202 "expecting QI1", /* STATE_QUICK_R0 */
203 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
204 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
205 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
206 "IPsec SA established", /* STATE_QUICK_R2 */
207
208 "got Informational Message in clear", /* STATE_INFO */
209 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
210
211 "expecting XAUTH request", /* STATE_XAUTH_I0 */
212 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
213 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
214 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
215 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
216 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
217
218 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
219 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
220 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
221 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
222
223 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
224 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
225 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
226 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
227 };
228
229 /* kind of struct connection */
230
231 static const char *const connection_kind_name[] = {
232 "CK_GROUP", /* policy group: instantiates to template */
233 "CK_TEMPLATE", /* abstract connection, with wildcard */
234 "CK_PERMANENT", /* normal connection */
235 "CK_INSTANCE", /* instance of template, created for a particular attempt */
236 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
237 };
238
239 enum_names connection_kind_names =
240 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
241
242 /* routing status names */
243
244 static const char *const routing_story_strings[] = {
245 "unrouted", /* RT_UNROUTED: unrouted */
246 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
247 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
248 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
249 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
250 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
251 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
252 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
253 };
254
255 enum_names routing_story =
256 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
257
258 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
259
260 const char *const payload_name[] = {
261 "ISAKMP_NEXT_NONE",
262 "ISAKMP_NEXT_SA",
263 "ISAKMP_NEXT_P",
264 "ISAKMP_NEXT_T",
265 "ISAKMP_NEXT_KE",
266 "ISAKMP_NEXT_ID",
267 "ISAKMP_NEXT_CERT",
268 "ISAKMP_NEXT_CR",
269 "ISAKMP_NEXT_HASH",
270 "ISAKMP_NEXT_SIG",
271 "ISAKMP_NEXT_NONCE",
272 "ISAKMP_NEXT_N",
273 "ISAKMP_NEXT_D",
274 "ISAKMP_NEXT_VID",
275 "ISAKMP_NEXT_MODECFG",
276 "ISAKMP_NEXT_15",
277 "ISAKMP_NEXT_16",
278 "ISAKMP_NEXT_17",
279 "ISAKMP_NEXT_18",
280 "ISAKMP_NEXT_19",
281 "ISAKMP_NEXT_NAT-D",
282 "ISAKMP_NEXT_NAT-OA",
283 NULL
284 };
285
286 const char *const payload_name_nat_d[] = {
287 "ISAKMP_NEXT_NAT-D",
288 "ISAKMP_NEXT_NAT-OA", NULL
289 };
290
291 static enum_names payload_names_nat_d =
292 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
293
294 enum_names payload_names =
295 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
296
297 /* Exchange types (note: two discontinuous ranges) */
298
299 static const char *const exchange_name[] = {
300 "ISAKMP_XCHG_NONE",
301 "ISAKMP_XCHG_BASE",
302 "ISAKMP_XCHG_IDPROT",
303 "ISAKMP_XCHG_AO",
304 "ISAKMP_XCHG_AGGR",
305 "ISAKMP_XCHG_INFO",
306 "ISAKMP_XCHG_MODE_CFG",
307 };
308
309 static const char *const exchange_name2[] = {
310 "ISAKMP_XCHG_QUICK",
311 "ISAKMP_XCHG_NGRP",
312 "ISAKMP_XCHG_ACK_INFO",
313 };
314
315 static enum_names exchange_desc2 =
316 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
317
318 enum_names exchange_names =
319 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
320
321 /* Flag BITS */
322 const char *const flag_bit_names[] = {
323 "ISAKMP_FLAG_ENCRYPTION",
324 "ISAKMP_FLAG_COMMIT",
325 NULL
326 };
327
328 /* Situation BITS definition for IPsec DOI */
329
330 const char *const sit_bit_names[] = {
331 "SIT_IDENTITY_ONLY",
332 "SIT_SECRECY",
333 "SIT_INTEGRITY",
334 NULL
335 };
336
337 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
338
339 static const char *const protocol_name[] = {
340 "PROTO_ISAKMP",
341 "PROTO_IPSEC_AH",
342 "PROTO_IPSEC_ESP",
343 "PROTO_IPCOMP",
344 };
345
346 enum_names protocol_names =
347 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
348
349 /* IPsec ISAKMP transform values */
350
351 static const char *const isakmp_transform_name[] = {
352 "KEY_IKE",
353 };
354
355 enum_names isakmp_transformid_names =
356 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
357
358 /* IPsec AH transform values */
359
360 static const char *const ah_transform_name[] = {
361 "AH_MD5",
362 "AH_SHA",
363 "AH_DES",
364 "AH_SHA2_256",
365 "AH_SHA2_384",
366 "AH_SHA2_512",
367 "AH_RIPEMD",
368 "AH_AES_XCBC_MAC",
369 "AH_RSA"
370 };
371
372 enum_names ah_transformid_names =
373 { AH_MD5, AH_RSA, ah_transform_name, NULL };
374
375 /* IPsec ESP transform values */
376
377 static const char *const esp_transform_name[] = {
378 "ESP_DES_IV64",
379 "ESP_DES",
380 "ESP_3DES",
381 "ESP_RC5",
382 "ESP_IDEA",
383 "ESP_CAST",
384 "ESP_BLOWFISH",
385 "ESP_3IDEA",
386 "ESP_DES_IV32",
387 "ESP_RC4",
388 "ESP_NULL",
389 "ESP_AES",
390 "ESP_AES-CTR",
391 "ESP_AES-CCM_8",
392 "ESP_AES-CCM_12",
393 "ESP_AES-CCM_16",
394 "ESP_UNASSIGNED_17",
395 "ESP_AES_GCM_8",
396 "ESP_AES_GCM_12",
397 "ESP_AES_GCM_16",
398 "ESP_SEED_CBC",
399 "ESP_CAMELLIA"
400 };
401
402 /*
403 * ipsec drafts suggest "high" ESP ids values for testing,
404 * assign generic ESP_ID<num> if not officially defined
405 */
406 static const char *const esp_transform_name_high[] = {
407 "ESP_SERPENT",
408 "ESP_TWOFISH"
409 };
410
411 enum_names esp_transformid_names_high =
412 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
413
414 enum_names esp_transformid_names =
415 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
416
417 /* IPCOMP transform values */
418
419 static const char *const ipcomp_transform_name[] = {
420 "IPCOMP_OUI",
421 "IPCOMP_DEFLAT",
422 "IPCOMP_LZS",
423 "IPCOMP_LZJH",
424 };
425
426 enum_names ipcomp_transformid_names =
427 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
428
429 /* Identification type values */
430
431 static const char *const ident_name[] = {
432 "ID_IPV4_ADDR",
433 "ID_FQDN",
434 "ID_USER_FQDN",
435 "ID_IPV4_ADDR_SUBNET",
436 "ID_IPV6_ADDR",
437 "ID_IPV6_ADDR_SUBNET",
438 "ID_IPV4_ADDR_RANGE",
439 "ID_IPV6_ADDR_RANGE",
440 "ID_DER_ASN1_DN",
441 "ID_DER_ASN1_GN",
442 "ID_KEY_ID",
443 };
444
445 enum_names ident_names =
446 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
447
448 /* Certificate type values */
449
450 static const char *const cert_type_name[] = {
451 "CERT_NONE",
452 "CERT_PKCS7_WRAPPED_X509",
453 "CERT_PGP",
454 "CERT_DNS_SIGNED_KEY",
455 "CERT_X509_SIGNATURE",
456 "CERT_X509_KEY_EXCHANGE",
457 "CERT_KERBEROS_TOKENS",
458 "CERT_CRL",
459 "CERT_ARL",
460 "CERT_SPKI",
461 "CERT_X509_ATTRIBUTE",
462 };
463
464 enum_names cert_type_names =
465 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
466
467 /* Certificate policy names */
468
469 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
470 "ALWAYS_SEND",
471 "SEND_IF_ASKED",
472 "NEVER_SEND",
473 );
474
475 /* Goal BITs for establishing an SA
476 * Note: we drop the POLICY_ prefix so that logs are more concise.
477 */
478
479 const char *const sa_policy_bit_names[] = {
480 "PSK",
481 "RSASIG",
482 "ENCRYPT",
483 "AUTHENTICATE",
484 "COMPRESS",
485 "TUNNEL",
486 "PFS",
487 "DISABLEARRIVALCHECK",
488 "SHUNT0",
489 "SHUNT1",
490 "FAILSHUNT0",
491 "FAILSHUNT1",
492 "DONTREKEY",
493 "OPPORTUNISTIC",
494 "GROUP",
495 "GROUTED",
496 "UP",
497 "MODECFGPUSH",
498 "XAUTHPSK",
499 "XAUTHRSASIG",
500 "XAUTHSERVER",
501 "DONTREAUTH",
502 "BEET",
503 "MOBIKE",
504 "ECDSA",
505 "PROXY",
506 NULL
507 };
508
509 const char *const policy_shunt_names[4] = {
510 "TRAP",
511 "PASS",
512 "DROP",
513 "REJECT",
514 };
515
516 const char *const policy_fail_names[4] = {
517 "NONE",
518 "PASS",
519 "DROP",
520 "REJECT",
521 };
522
523 /* Oakley transform attributes
524 * oakley_attr_bit_names does double duty: it is used for enum names
525 * and bit names.
526 */
527
528 const char *const oakley_attr_bit_names[] = {
529 "OAKLEY_ENCRYPTION_ALGORITHM",
530 "OAKLEY_HASH_ALGORITHM",
531 "OAKLEY_AUTHENTICATION_METHOD",
532 "OAKLEY_GROUP_DESCRIPTION",
533 "OAKLEY_GROUP_TYPE",
534 "OAKLEY_GROUP_PRIME",
535 "OAKLEY_GROUP_GENERATOR_ONE",
536 "OAKLEY_GROUP_GENERATOR_TWO",
537 "OAKLEY_GROUP_CURVE_A",
538 "OAKLEY_GROUP_CURVE_B",
539 "OAKLEY_LIFE_TYPE",
540 "OAKLEY_LIFE_DURATION",
541 "OAKLEY_PRF",
542 "OAKLEY_KEY_LENGTH",
543 "OAKLEY_FIELD_SIZE",
544 "OAKLEY_GROUP_ORDER",
545 "OAKLEY_BLOCK_SIZE",
546 NULL
547 };
548
549 static const char *const oakley_var_attr_name[] = {
550 "OAKLEY_GROUP_PRIME (variable length)",
551 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
552 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
553 "OAKLEY_GROUP_CURVE_A (variable length)",
554 "OAKLEY_GROUP_CURVE_B (variable length)",
555 NULL,
556 "OAKLEY_LIFE_DURATION (variable length)",
557 NULL,
558 NULL,
559 NULL,
560 "OAKLEY_GROUP_ORDER (variable length)",
561 };
562
563 static enum_names oakley_attr_desc_tv = {
564 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
565 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
566
567 enum_names oakley_attr_names = {
568 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
569 oakley_var_attr_name, &oakley_attr_desc_tv };
570
571 /* for each Oakley attribute, which enum_names describes its values? */
572 enum_names *oakley_attr_val_descs[] = {
573 NULL, /* (none) */
574 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
575 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
576 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
577 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
578 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
579 NULL, /* OAKLEY_GROUP_PRIME */
580 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
581 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
582 NULL, /* OAKLEY_GROUP_CURVE_A */
583 NULL, /* OAKLEY_GROUP_CURVE_B */
584 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
585 NULL, /* OAKLEY_LIFE_DURATION */
586 &oakley_prf_names, /* OAKLEY_PRF */
587 NULL, /* OAKLEY_KEY_LENGTH */
588 NULL, /* OAKLEY_FIELD_SIZE */
589 NULL, /* OAKLEY_GROUP_ORDER */
590 };
591
592 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
593
594 static const char *const ipsec_attr_name[] = {
595 "SA_LIFE_TYPE",
596 "SA_LIFE_DURATION",
597 "GROUP_DESCRIPTION",
598 "ENCAPSULATION_MODE",
599 "AUTH_ALGORITHM",
600 "KEY_LENGTH",
601 "KEY_ROUNDS",
602 "COMPRESS_DICT_SIZE",
603 "COMPRESS_PRIVATE_ALG",
604 };
605
606 static const char *const ipsec_var_attr_name[] = {
607 "SA_LIFE_DURATION (variable length)",
608 NULL,
609 NULL,
610 NULL,
611 NULL,
612 NULL,
613 NULL,
614 "COMPRESS_PRIVATE_ALG (variable length)",
615 };
616
617 static enum_names ipsec_attr_desc_tv = {
618 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
619 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
620 ipsec_attr_name, NULL };
621
622 enum_names ipsec_attr_names = {
623 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
624 ipsec_var_attr_name, &ipsec_attr_desc_tv };
625
626 /* for each IPsec attribute, which enum_names describes its values? */
627 enum_names *ipsec_attr_val_descs[] = {
628 NULL, /* (none) */
629 &sa_lifetime_names, /* SA_LIFE_TYPE */
630 NULL, /* SA_LIFE_DURATION */
631 &oakley_group_names, /* GROUP_DESCRIPTION */
632 &enc_mode_names, /* ENCAPSULATION_MODE */
633 &auth_alg_names, /* AUTH_ALGORITHM */
634 NULL, /* KEY_LENGTH */
635 NULL, /* KEY_ROUNDS */
636 NULL, /* COMPRESS_DICT_SIZE */
637 NULL, /* COMPRESS_PRIVATE_ALG */
638 };
639
640 /* SA Lifetime Type attribute */
641
642 static const char *const sa_lifetime_name[] = {
643 "SA_LIFE_TYPE_SECONDS",
644 "SA_LIFE_TYPE_KBYTES",
645 };
646
647 enum_names sa_lifetime_names =
648 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
649
650 /* Encapsulation Mode attribute */
651
652 static const char *const enc_mode_name[] = {
653 "ENCAPSULATION_MODE_TUNNEL",
654 "ENCAPSULATION_MODE_TRANSPORT",
655 "ENCAPSULATION_MODE_UDP_TUNNEL",
656 "ENCAPSULATION_MODE_UDP_TRANSPORT",
657 };
658
659 static const char *const enc_udp_mode_name[] = {
660 "ENCAPSULATION_MODE_UDP_TUNNEL",
661 "ENCAPSULATION_MODE_UDP_TRANSPORT",
662 };
663
664 static enum_names enc_udp_mode_names =
665 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
666
667 enum_names enc_mode_names =
668 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
669
670 /* Auth Algorithm attribute */
671
672 static const char *const auth_alg_name[] = {
673 "AUTH_ALGORITHM_HMAC_MD5",
674 "AUTH_ALGORITHM_HMAC_SHA1",
675 "AUTH_ALGORITHM_DES_MAC",
676 "AUTH_ALGORITHM_KPDK",
677 "AUTH_ALGORITHM_HMAC_SHA2_256",
678 "AUTH_ALGORITHM_HMAC_SHA2_384",
679 "AUTH_ALGORITHM_HMAC_SHA2_512",
680 "AUTH_ALGORITHM_HMAC_RIPEMD",
681 "AUTH_ALGORITHM_AES_XCBC_MAC",
682 "AUTH_ALGORITHM_SIG_RSA"
683 };
684
685 static const char *const extended_auth_alg_name[] = {
686 "AUTH_ALGORITHM_NULL"
687 };
688
689 enum_names extended_auth_alg_names =
690 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
691
692 enum_names auth_alg_names =
693 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
694 , &extended_auth_alg_names };
695
696 /* From draft-beaulieu-ike-xauth */
697 static const char *const xauth_type_name[] = {
698 "Generic",
699 "RADIUS-CHAP",
700 "OTP",
701 "S/KEY",
702 };
703
704 enum_names xauth_type_names =
705 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
706
707 /* From draft-beaulieu-ike-xauth */
708 static const char *const xauth_attr_tv_name[] = {
709 "XAUTH_TYPE",
710 NULL,
711 NULL,
712 NULL,
713 NULL,
714 NULL,
715 NULL,
716 "XAUTH_STATUS",
717 };
718
719 enum_names xauth_attr_tv_names = {
720 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
721 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
722
723 static const char *const unity_attr_name[] = {
724 "UNITY_BANNER",
725 "UNITY_SAVE_PASSWD",
726 "UNITY_DEF_DOMAIN",
727 "UNITY_SPLITDNS_NAME",
728 "UNITY_SPLIT_INCLUDE",
729 "UNITY_NATT_PORT",
730 "UNITY_LOCAL_LAN",
731 "UNITY_PFS",
732 "UNITY_FW_TYPE",
733 "UNITY_BACKUP_SERVERS",
734 "UNITY_DDNS_HOSTNAME",
735 };
736
737 enum_names unity_attr_names =
738 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
739
740 static const char *const microsoft_attr_name[] = {
741 "INTERNAL_IP4_SERVER",
742 "INTERNAL_IP6_SERVER",
743 };
744
745 enum_names microsoft_attr_names =
746 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
747
748 static const char *const xauth_attr_name[] = {
749 "XAUTH_USER_NAME",
750 "XAUTH_USER_PASSWORD",
751 "XAUTH_PASSCODE",
752 "XAUTH_MESSAGE",
753 "XAUTH_CHALLENGE",
754 "XAUTH_DOMAIN",
755 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
756 "XAUTH_NEXT_PIN",
757 "XAUTH_ANSWER",
758 };
759
760 enum_names xauth_attr_names =
761 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
762
763 static const char *const modecfg_attr_name[] = {
764 "INTERNAL_IP4_ADDRESS",
765 "INTERNAL_IP4_NETMASK",
766 "INTERNAL_IP4_DNS",
767 "INTERNAL_IP4_NBNS",
768 "INTERNAL_ADDRESS_EXPIRY",
769 "INTERNAL_IP4_DHCP",
770 "APPLICATION_VERSION",
771 "INTERNAL_IP6_ADDRESS",
772 "INTERNAL_IP6_NETMASK",
773 "INTERNAL_IP6_DNS",
774 "INTERNAL_IP6_NBNS",
775 "INTERNAL_IP6_DHCP",
776 "INTERNAL_IP4_SUBNET",
777 "SUPPORTED_ATTRIBUTES",
778 "INTERNAL_IP6_SUBNET",
779 };
780
781 enum_names modecfg_attr_names =
782 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
783
784 /* Oakley Lifetime Type attribute */
785
786 static const char *const oakley_lifetime_name[] = {
787 "OAKLEY_LIFE_SECONDS",
788 "OAKLEY_LIFE_KILOBYTES",
789 };
790
791 enum_names oakley_lifetime_names =
792 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
793
794 /* Oakley PRF attribute (none defined) */
795
796 enum_names oakley_prf_names =
797 { 1, 0, NULL, NULL };
798
799 /* Oakley Encryption Algorithm attribute */
800
801 static const char *const oakley_enc_name[] = {
802 "OAKLEY_DES_CBC",
803 "OAKLEY_IDEA_CBC",
804 "OAKLEY_BLOWFISH_CBC",
805 "OAKLEY_RC5_R16_B64_CBC",
806 "OAKLEY_3DES_CBC",
807 "OAKLEY_CAST_CBC",
808 "OAKLEY_AES_CBC",
809 };
810
811 #ifdef NO_EXTRA_IKE
812 enum_names oakley_enc_names =
813 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name, NULL };
814 #else
815 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
816 "OAKLEY_MARS_CBC" /* 65001 */,
817 "OAKLEY_RC6_CBC" /* 65002 */,
818 "OAKLEY_ID_65003" /* 65003 */,
819 "OAKLEY_SERPENT_CBC" /* 65004 */,
820 "OAKLEY_TWOFISH_CBC" /* 65005 */,
821 };
822
823 static const char *const oakley_enc_name_ssh[] = {
824 "OAKLEY_TWOFISH_CBC_SSH",
825 };
826
827 enum_names oakley_enc_names_ssh =
828 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
829 , NULL };
830
831 enum_names oakley_enc_names_draft_aes_cbc_02 =
832 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
833 , &oakley_enc_names_ssh };
834
835 enum_names oakley_enc_names =
836 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name
837 , &oakley_enc_names_draft_aes_cbc_02 };
838 #endif
839
840 /* Oakley Hash Algorithm attribute */
841
842 static const char *const oakley_hash_name[] = {
843 "OAKLEY_MD5",
844 "OAKLEY_SHA",
845 "OAKLEY_TIGER",
846 "OAKLEY_SHA2_256",
847 "OAKLEY_SHA2_384",
848 "OAKLEY_SHA2_512",
849 };
850
851 enum_names oakley_hash_names =
852 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
853
854 /* Oakley Authentication Method attribute */
855
856 static const char *const oakley_auth_name1[] = {
857 "OAKLEY_PRESHARED_KEY",
858 "OAKLEY_DSS_SIG",
859 "OAKLEY_RSA_SIG",
860 "OAKLEY_RSA_ENC",
861 "OAKLEY_RSA_ENC_REV",
862 "OAKLEY_ELGAMAL_ENC",
863 "OAKLEY_ELGAMAL_ENC_REV",
864 };
865
866 static const char *const oakley_auth_name2[] = {
867 "HybridInitRSA",
868 "HybridRespRSA",
869 "HybridInitDSS",
870 "HybridRespDSS",
871 };
872
873 static const char *const oakley_auth_name3[] = {
874 "XAUTHInitPreShared",
875 "XAUTHRespPreShared",
876 "XAUTHInitDSS",
877 "XAUTHRespDSS",
878 "XAUTHInitRSA",
879 "XAUTHRespRSA",
880 "XAUTHInitRSAEncryption",
881 "XAUTHRespRSAEncryption",
882 "XAUTHInitRSARevisedEncryption",
883 "XAUTHRespRSARevisedEncryption",
884 };
885
886 static enum_names oakley_auth_names1 =
887 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
888 , oakley_auth_name1, NULL };
889
890 static enum_names oakley_auth_names2 =
891 { HybridInitRSA, HybridRespDSS
892 , oakley_auth_name2, &oakley_auth_names1 };
893
894 enum_names oakley_auth_names =
895 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
896 , oakley_auth_name3, &oakley_auth_names2 };
897
898 /* Oakley Group Description attribute */
899
900 static const char *const oakley_group_name[] = {
901 "OAKLEY_GROUP_MODP768",
902 "OAKLEY_GROUP_MODP1024",
903 "OAKLEY_GROUP_GP155",
904 "OAKLEY_GROUP_GP185",
905 "OAKLEY_GROUP_MODP1536",
906 };
907
908 static const char *const oakley_group_name_rfc3526[] = {
909 "OAKLEY_GROUP_MODP2048",
910 "OAKLEY_GROUP_MODP3072",
911 "OAKLEY_GROUP_MODP4096",
912 "OAKLEY_GROUP_MODP6144",
913 "OAKLEY_GROUP_MODP8192"
914 };
915
916 enum_names oakley_group_names_rfc3526 =
917 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
918 oakley_group_name_rfc3526, NULL };
919
920 enum_names oakley_group_names =
921 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
922 oakley_group_name, &oakley_group_names_rfc3526 };
923
924 /* Oakley Group Type attribute */
925
926 static const char *const oakley_group_type_name[] = {
927 "OAKLEY_GROUP_TYPE_MODP",
928 "OAKLEY_GROUP_TYPE_ECP",
929 "OAKLEY_GROUP_TYPE_EC2N",
930 };
931
932 enum_names oakley_group_type_names =
933 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
934
935 /* Notify messages -- error types */
936
937 static const char *const notification_name[] = {
938 "INVALID_PAYLOAD_TYPE",
939 "DOI_NOT_SUPPORTED",
940 "SITUATION_NOT_SUPPORTED",
941 "INVALID_COOKIE",
942 "INVALID_MAJOR_VERSION",
943 "INVALID_MINOR_VERSION",
944 "INVALID_EXCHANGE_TYPE",
945 "INVALID_FLAGS",
946 "INVALID_MESSAGE_ID",
947 "INVALID_PROTOCOL_ID",
948 "INVALID_SPI",
949 "INVALID_TRANSFORM_ID",
950 "ATTRIBUTES_NOT_SUPPORTED",
951 "NO_PROPOSAL_CHOSEN",
952 "BAD_PROPOSAL_SYNTAX",
953 "PAYLOAD_MALFORMED",
954 "INVALID_KEY_INFORMATION",
955 "INVALID_ID_INFORMATION",
956 "INVALID_CERT_ENCODING",
957 "INVALID_CERTIFICATE",
958 "CERT_TYPE_UNSUPPORTED",
959 "INVALID_CERT_AUTHORITY",
960 "INVALID_HASH_INFORMATION",
961 "AUTHENTICATION_FAILED",
962 "INVALID_SIGNATURE",
963 "ADDRESS_NOTIFICATION",
964 "NOTIFY_SA_LIFETIME",
965 "CERTIFICATE_UNAVAILABLE",
966 "UNSUPPORTED_EXCHANGE_TYPE",
967 "UNEQUAL_PAYLOAD_LENGTHS",
968 };
969
970 static const char *const notification_status_name[] = {
971 "CONNECTED",
972 };
973
974 static const char *const ipsec_notification_name[] = {
975 "IPSEC_RESPONDER_LIFETIME",
976 "IPSEC_REPLAY_STATUS",
977 "IPSEC_INITIAL_CONTACT",
978 };
979
980 static const char *const notification_dpd_name[] = {
981 "R_U_THERE",
982 "R_U_THERE_ACK",
983 };
984
985 enum_names notification_dpd_names =
986 { R_U_THERE, R_U_THERE_ACK,
987 notification_dpd_name, NULL };
988
989 enum_names ipsec_notification_names =
990 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
991 ipsec_notification_name, &notification_dpd_names };
992
993 enum_names notification_status_names =
994 { CONNECTED, CONNECTED,
995 notification_status_name, &ipsec_notification_names };
996
997 enum_names notification_names =
998 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
999 notification_name, &notification_status_names };
1000
1001 /* MODECFG
1002 * From draft-dukes-ike-mode-cfg
1003 */
1004 const char *const attr_msg_type_name[] = {
1005 "ISAKMP_CFG_RESERVED",
1006 "ISAKMP_CFG_REQUEST",
1007 "ISAKMP_CFG_REPLY",
1008 "ISAKMP_CFG_SET",
1009 "ISAKMP_CFG_ACK",
1010 NULL
1011 };
1012
1013 enum_names attr_msg_type_names =
1014 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1015
1016 /* socket address family info */
1017
1018 static const char *const af_inet_name[] = {
1019 "AF_INET",
1020 };
1021
1022 static const char *const af_inet6_name[] = {
1023 "AF_INET6",
1024 };
1025
1026 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1027
1028 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1029
1030 static ip_address ipv4_any, ipv6_any;
1031 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1032 static ip_subnet ipv4_all, ipv6_all;
1033
1034 const struct af_info af_inet4_info = {
1035 AF_INET,
1036 "AF_INET",
1037 sizeof(struct in_addr),
1038 sizeof(struct sockaddr_in),
1039 32,
1040 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1041 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1042 };
1043
1044 const struct af_info af_inet6_info = {
1045 AF_INET6,
1046 "AF_INET6",
1047 sizeof(struct in6_addr),
1048 sizeof(struct sockaddr_in6),
1049 128,
1050 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1051 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1052 };
1053
1054 const struct af_info *
1055 aftoinfo(int af)
1056 {
1057 switch (af)
1058 {
1059 case AF_INET:
1060 return &af_inet4_info;
1061 case AF_INET6:
1062 return &af_inet6_info;
1063 default:
1064 return NULL;
1065 }
1066 }
1067
1068 bool
1069 subnetisnone(const ip_subnet *sn)
1070 {
1071 ip_address base;
1072
1073 networkof(sn, &base);
1074 return isanyaddr(&base) && subnetishost(sn);
1075 }
1076
1077 /* BIND enumerated types */
1078
1079 #include <arpa/nameser.h>
1080
1081 static const char *const rr_type_name[] = {
1082 "T_A", /* 1 host address */
1083 "T_NS", /* 2 authoritative server */
1084 "T_MD", /* 3 mail destination */
1085 "T_MF", /* 4 mail forwarder */
1086 "T_CNAME", /* 5 canonical name */
1087 "T_SOA", /* 6 start of authority zone */
1088 "T_MB", /* 7 mailbox domain name */
1089 "T_MG", /* 8 mail group member */
1090 "T_MR", /* 9 mail rename name */
1091 "T_NULL", /* 10 null resource record */
1092 "T_WKS", /* 11 well known service */
1093 "T_PTR", /* 12 domain name pointer */
1094 "T_HINFO", /* 13 host information */
1095 "T_MINFO", /* 14 mailbox information */
1096 "T_MX", /* 15 mail routing information */
1097 "T_TXT", /* 16 text strings */
1098 "T_RP", /* 17 responsible person */
1099 "T_AFSDB", /* 18 AFS cell database */
1100 "T_X25", /* 19 X_25 calling address */
1101 "T_ISDN", /* 20 ISDN calling address */
1102 "T_RT", /* 21 router */
1103 "T_NSAP", /* 22 NSAP address */
1104 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1105 "T_SIG", /* 24 security signature */
1106 "T_KEY", /* 25 security key */
1107 "T_PX", /* 26 X.400 mail mapping */
1108 "T_GPOS", /* 27 geographical position (withdrawn) */
1109 "T_AAAA", /* 28 IP6 Address */
1110 "T_LOC", /* 29 Location Information */
1111 "T_NXT", /* 30 Next Valid Name in Zone */
1112 "T_EID", /* 31 Endpoint identifier */
1113 "T_NIMLOC", /* 32 Nimrod locator */
1114 "T_SRV", /* 33 Server selection */
1115 "T_ATMA", /* 34 ATM Address */
1116 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1117 NULL
1118 };
1119
1120 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1121
1122 /* Query type values which do not appear in resource records */
1123 static const char *const rr_qtype_name[] = {
1124 "T_IXFR", /* 251 incremental zone transfer */
1125 "T_AXFR", /* 252 transfer zone of authority */
1126 "T_MAILB", /* 253 transfer mailbox records */
1127 "T_MAILA", /* 254 transfer mail agent records */
1128 "T_ANY", /* 255 wildcard match */
1129 NULL
1130 };
1131
1132 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1133
1134 static const char *const rr_class_name[] = {
1135 "C_IN", /* 1 the arpa internet */
1136 NULL
1137 };
1138
1139 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1140
1141 /*
1142 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1143 *
1144 */
1145 const char *const natt_type_bitnames[] = {
1146 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1147 "draft-ietf-ipsec-nat-t-ike-02/03",
1148 "RFC 3947",
1149 "3", /* 3 */
1150 "4", "5", "6", "7",
1151 "8", "9", "10", "11",
1152 "12", "13", "14", "15",
1153 "16", "17", "18", "19",
1154 "20", "21", "22", "23",
1155 "24", "25", "26", "27",
1156 "28", "29",
1157 "nat is behind me",
1158 "nat is behind peer"
1159 };
1160
1161 /* look up enum names in an enum_names */
1162
1163 const char *
1164 enum_name(enum_names *ed, unsigned long val)
1165 {
1166 enum_names *p;
1167
1168 for (p = ed; p != NULL; p = p->en_next_range)
1169 {
1170 if (p->en_first <= val && val <= p->en_last)
1171 return p->en_names[val - p->en_first];
1172 }
1173 return NULL;
1174 }
1175
1176 /* find or construct a string to describe an enum value
1177 * Result may be in STATIC buffer!
1178 */
1179 const char *
1180 enum_show(enum_names *ed, unsigned long val)
1181 {
1182 const char *p = enum_name(ed, val);
1183
1184 if (p == NULL)
1185 {
1186 static char buf[12]; /* only one! I hope that it is big enough */
1187
1188 snprintf(buf, sizeof(buf), "%lu??", val);
1189 p = buf;
1190 }
1191 return p;
1192 }
1193
1194
1195 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1196
1197 int
1198 enum_search(enum_names *ed, const char *str)
1199 {
1200 enum_names *p;
1201 const char *ptr;
1202 unsigned en;
1203
1204 for (p = ed; p != NULL; p = p->en_next_range)
1205 {
1206 for (en = p->en_first; en <= p->en_last ;en++)
1207 {
1208 ptr = p->en_names[en - p->en_first];
1209 if (ptr == 0)
1210 {
1211 continue;
1212 }
1213 if (streq(ptr, str))
1214 {
1215 return en;
1216 }
1217 }
1218 }
1219 return -1;
1220 }
1221
1222 /* construct a string to name the bits on in a set
1223 * Result may be in STATIC buffer!
1224 * Note: prettypolicy depends on internal details.
1225 */
1226 const char *
1227 bitnamesof(const char *const table[], lset_t val)
1228 {
1229 char *p = bitnamesbuf;
1230 lset_t bit;
1231 const char *const *tp;
1232
1233 if (val == 0)
1234 return "none";
1235
1236 for (tp = table, bit = 01; val != 0; bit <<= 1)
1237 {
1238 if (val & bit)
1239 {
1240 const char *n = *tp;
1241 size_t nl;
1242
1243 if (n == NULL || *n == '\0')
1244 {
1245 /* no name for this bit, so use hex */
1246 static char flagbuf[sizeof("0x80000000")];
1247
1248 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1249 n = flagbuf;
1250 }
1251
1252 nl = strlen(n);
1253
1254 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1255 *p++ = '+';
1256
1257 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1258 {
1259 strcpy(p, n);
1260 p += nl;
1261 }
1262 val -= bit;
1263 }
1264 if (*tp != NULL)
1265 tp++; /* move on, but not past end */
1266 }
1267 *p = '\0';
1268 return bitnamesbuf;
1269 }
1270
1271 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1272 * Suppress the shunt and fail fields if 0.
1273 */
1274 const char *
1275 prettypolicy(lset_t policy)
1276 {
1277 const char *bn = bitnamesof(sa_policy_bit_names
1278 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1279 size_t len;
1280 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1281 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1282
1283 if (bn != bitnamesbuf)
1284 bitnamesbuf[0] = '\0';
1285 len = strlen(bitnamesbuf);
1286 if (shunt != 0)
1287 {
1288 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1289 , policy_shunt_names[shunt]);
1290 len += strlen(bitnamesbuf + len);
1291 }
1292 if (fail != 0)
1293 {
1294 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1295 , policy_fail_names[fail]);
1296 len += strlen(bitnamesbuf + len);
1297 }
1298 if (NEVER_NEGOTIATE(policy))
1299 {
1300 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1301 len += strlen(bitnamesbuf + len);
1302 }
1303 return bitnamesbuf;
1304 }
1305
1306 /* test a set by seeing if all bits have names */
1307
1308 bool
1309 testset(const char *const table[], lset_t val)
1310 {
1311 lset_t bit;
1312 const char *const *tp;
1313
1314 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1315 {
1316 const char *n = *tp;
1317
1318 if (n == NULL || ((val & bit) && *n == '\0'))
1319 return FALSE;
1320 val &= ~bit;
1321 }
1322 return TRUE;
1323 }
1324
1325
1326 const char sparse_end[] = "end of sparse names";
1327
1328 /* look up enum names in a sparse_names */
1329 const char *sparse_name(sparse_names sd, unsigned long val)
1330 {
1331 const struct sparse_name *p;
1332
1333 for (p = sd; p->name != sparse_end; p++)
1334 if (p->val == val)
1335 return p->name;
1336 return NULL;
1337 }
1338
1339 /* find or construct a string to describe an sparse value
1340 * Result may be in STATIC buffer!
1341 */
1342 const char *
1343 sparse_val_show(sparse_names sd, unsigned long val)
1344 {
1345 const char *p = sparse_name(sd, val);
1346
1347 if (p == NULL)
1348 {
1349 static char buf[12]; /* only one! I hope that it is big enough */
1350
1351 snprintf(buf, sizeof(buf), "%lu??", val);
1352 p = buf;
1353 }
1354 return p;
1355 }
1356
1357 void init_constants(void)
1358 {
1359 happy(anyaddr(AF_INET, &ipv4_any));
1360 happy(anyaddr(AF_INET6, &ipv6_any));
1361
1362 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1363 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1364
1365 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1366 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1367 }