support of ESP AES_XCBC_96
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 /*
16 * Note that the array sizes are all specified; this is to enable range
17 * checking by code that only includes constants.h.
18 */
19
20 #include <stddef.h>
21 #include <string.h>
22 #include <stdio.h>
23 #include <netinet/in.h>
24
25 #include <freeswan.h>
26 #include <ipsec_policy.h>
27
28 #include "constants.h"
29 #include "defs.h"
30 #include "log.h"
31 #include "packet.h"
32
33 /* string naming compile-time options that have interop implications */
34
35 const char compile_time_interop_options[] = ""
36 #ifdef THREADS
37 " THREADS"
38 #endif
39 #ifdef SMARTCARD
40 " SMARTCARD"
41 #endif
42 #ifdef VENDORID
43 " VENDORID"
44 #endif
45 #ifdef CISCO_QUIRKS
46 " CISCO_QUIRKS"
47 #endif
48 #ifdef USE_KEYRR
49 " KEYRR"
50 #endif
51 ;
52
53 /* version */
54
55 static const char *const version_name[] = {
56 "ISAKMP Version 1.0",
57 };
58
59 enum_names version_names =
60 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
61 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
62 version_name, NULL };
63
64 /* RFC 2459 CRL reason codes */
65
66 ENUM(crl_reason_names, REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL,
67 "unspecified",
68 "key compromise",
69 "ca compromise",
70 "affiliation changed",
71 "superseded",
72 "cessation of operation",
73 "certificate hold",
74 "reason #7",
75 "remove from crl"
76 );
77
78 /* RFC 3706 Dead Peer Detection */
79
80 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
81 "none",
82 "clear",
83 "hold",
84 "restart"
85 );
86
87 /* Timer events */
88
89 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
90 "EVENT_NULL",
91 "EVENT_REINIT_SECRET",
92 "EVENT_SHUNT_SCAN",
93 "EVENT_SO_DISCARD",
94 "EVENT_RETRANSMIT",
95 "EVENT_SA_REPLACE",
96 "EVENT_SA_REPLACE_IF_USED",
97 "EVENT_SA_EXPIRE",
98 "EVENT_NAT_T_KEEPALIVE",
99 "EVENT_DPD",
100 "EVENT_DPD_TIMEOUT",
101 "EVENT_LOG_DAILY"
102 );
103
104 /* Domain of Interpretation */
105
106 static const char *const doi_name[] = {
107 "ISAKMP_DOI_ISAKMP",
108 "ISAKMP_DOI_IPSEC",
109 };
110
111 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
112
113 /* debugging settings: a set of selections for reporting
114 * These would be more naturally situated in log.h,
115 * but they are shared with whack.
116 * It turns out that "debug-" is clutter in all contexts this is used,
117 * so we leave it off.
118 */
119 #ifdef DEBUG
120 const char *const debug_bit_names[] = {
121 "raw",
122 "crypt",
123 "parsing",
124 "emitting",
125 "control",
126 "lifecycle",
127 "klips",
128 "dns",
129 "natt",
130 "oppo",
131 "controlmore",
132
133 "private",
134
135 "impair-delay-adns-key-answer",
136 "impair-delay-adns-txt-answer",
137 "impair-bust-mi2",
138 "impair-bust-mr2",
139
140 NULL
141 };
142 #endif
143
144 /* State of exchanges */
145
146 static const char *const state_name[] = {
147 "STATE_MAIN_R0",
148 "STATE_MAIN_I1",
149 "STATE_MAIN_R1",
150 "STATE_MAIN_I2",
151 "STATE_MAIN_R2",
152 "STATE_MAIN_I3",
153 "STATE_MAIN_R3",
154 "STATE_MAIN_I4",
155
156 "STATE_QUICK_R0",
157 "STATE_QUICK_I1",
158 "STATE_QUICK_R1",
159 "STATE_QUICK_I2",
160 "STATE_QUICK_R2",
161
162 "STATE_INFO",
163 "STATE_INFO_PROTECTED",
164
165 "STATE_XAUTH_I0",
166 "STATE_XAUTH_R1",
167 "STATE_XAUTH_I1",
168 "STATE_XAUTH_R2",
169 "STATE_XAUTH_I2",
170 "STATE_XAUTH_R3",
171
172 "STATE_MODE_CFG_R0",
173 "STATE_MODE_CFG_I1",
174 "STATE_MODE_CFG_R1",
175 "STATE_MODE_CFG_I2",
176
177 "STATE_MODE_CFG_I0",
178 "STATE_MODE_CFG_R3",
179 "STATE_MODE_CFG_I3",
180 "STATE_MODE_CFG_R4",
181
182 "STATE_IKE_ROOF"
183 };
184
185 enum_names state_names =
186 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
187
188 /* story for state */
189
190 const char *const state_story[] = {
191 "expecting MI1", /* STATE_MAIN_R0 */
192 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
193 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
194 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
195 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
196 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
197 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
198 "ISAKMP SA established", /* STATE_MAIN_I4 */
199
200 "expecting QI1", /* STATE_QUICK_R0 */
201 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
202 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
203 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
204 "IPsec SA established", /* STATE_QUICK_R2 */
205
206 "got Informational Message in clear", /* STATE_INFO */
207 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
208
209 "expecting XAUTH request", /* STATE_XAUTH_I0 */
210 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
211 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
212 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
213 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
214 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
215
216 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
217 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
218 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
219 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
220
221 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
222 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
223 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
224 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
225 };
226
227 /* kind of struct connection */
228
229 static const char *const connection_kind_name[] = {
230 "CK_GROUP", /* policy group: instantiates to template */
231 "CK_TEMPLATE", /* abstract connection, with wildcard */
232 "CK_PERMANENT", /* normal connection */
233 "CK_INSTANCE", /* instance of template, created for a particular attempt */
234 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
235 };
236
237 enum_names connection_kind_names =
238 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
239
240 /* routing status names */
241
242 static const char *const routing_story_strings[] = {
243 "unrouted", /* RT_UNROUTED: unrouted */
244 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
245 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
246 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
247 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
248 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
249 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
250 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
251 };
252
253 enum_names routing_story =
254 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
255
256 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
257
258 const char *const payload_name[] = {
259 "ISAKMP_NEXT_NONE",
260 "ISAKMP_NEXT_SA",
261 "ISAKMP_NEXT_P",
262 "ISAKMP_NEXT_T",
263 "ISAKMP_NEXT_KE",
264 "ISAKMP_NEXT_ID",
265 "ISAKMP_NEXT_CERT",
266 "ISAKMP_NEXT_CR",
267 "ISAKMP_NEXT_HASH",
268 "ISAKMP_NEXT_SIG",
269 "ISAKMP_NEXT_NONCE",
270 "ISAKMP_NEXT_N",
271 "ISAKMP_NEXT_D",
272 "ISAKMP_NEXT_VID",
273 "ISAKMP_NEXT_MODECFG",
274 "ISAKMP_NEXT_15",
275 "ISAKMP_NEXT_16",
276 "ISAKMP_NEXT_17",
277 "ISAKMP_NEXT_18",
278 "ISAKMP_NEXT_19",
279 "ISAKMP_NEXT_NAT-D",
280 "ISAKMP_NEXT_NAT-OA",
281 NULL
282 };
283
284 const char *const payload_name_nat_d[] = {
285 "ISAKMP_NEXT_NAT-D",
286 "ISAKMP_NEXT_NAT-OA", NULL
287 };
288
289 static enum_names payload_names_nat_d =
290 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
291
292 enum_names payload_names =
293 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
294
295 /* Exchange types (note: two discontinuous ranges) */
296
297 static const char *const exchange_name[] = {
298 "ISAKMP_XCHG_NONE",
299 "ISAKMP_XCHG_BASE",
300 "ISAKMP_XCHG_IDPROT",
301 "ISAKMP_XCHG_AO",
302 "ISAKMP_XCHG_AGGR",
303 "ISAKMP_XCHG_INFO",
304 "ISAKMP_XCHG_MODE_CFG",
305 };
306
307 static const char *const exchange_name2[] = {
308 "ISAKMP_XCHG_QUICK",
309 "ISAKMP_XCHG_NGRP",
310 "ISAKMP_XCHG_ACK_INFO",
311 };
312
313 static enum_names exchange_desc2 =
314 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
315
316 enum_names exchange_names =
317 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
318
319 /* Flag BITS */
320 const char *const flag_bit_names[] = {
321 "ISAKMP_FLAG_ENCRYPTION",
322 "ISAKMP_FLAG_COMMIT",
323 NULL
324 };
325
326 /* Situation BITS definition for IPsec DOI */
327
328 const char *const sit_bit_names[] = {
329 "SIT_IDENTITY_ONLY",
330 "SIT_SECRECY",
331 "SIT_INTEGRITY",
332 NULL
333 };
334
335 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
336
337 static const char *const protocol_name[] = {
338 "PROTO_ISAKMP",
339 "PROTO_IPSEC_AH",
340 "PROTO_IPSEC_ESP",
341 "PROTO_IPCOMP",
342 };
343
344 enum_names protocol_names =
345 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
346
347 /* IPsec ISAKMP transform values */
348
349 static const char *const isakmp_transform_name[] = {
350 "KEY_IKE",
351 };
352
353 enum_names isakmp_transformid_names =
354 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
355
356 /* IPsec AH transform values */
357
358 static const char *const ah_transform_name[] = {
359 "HMAC_MD5",
360 "HMAC_SHA1",
361 "DES_MAC",
362 "HMAC_SHA2_256",
363 "HMAC_SHA2_384",
364 "HMAC_SHA2_512",
365 "HMAC_RIPEMD",
366 "AES_XCBC_96",
367 "SIG_RSA"
368 };
369
370 enum_names ah_transformid_names =
371 { AH_MD5, AH_RSA, ah_transform_name, NULL };
372
373 /* IPsec ESP transform values */
374
375 static const char *const esp_transform_name[] = {
376 "DES_IV64",
377 "DES_CBC",
378 "3DES_CBC",
379 "RC5_CBC",
380 "IDEA_CBC",
381 "CAST_CBC",
382 "BLOWFISH_CBC",
383 "3IDEA",
384 "DES_IV32",
385 "RC4",
386 "NULL",
387 "AES_CBC",
388 "AES_CTR",
389 "AES_CCM_8",
390 "AES_CCM_12",
391 "AES_CCM_16",
392 "UNASSIGNED_17",
393 "AES_GCM_8",
394 "AES_GCM_12",
395 "AES_GCM_16",
396 "SEED_CBC",
397 "CAMELLIA_CBC"
398 };
399
400 static const char *const esp_transform_name_high[] = {
401 "SERPENT_CBC",
402 "TWOFISH_CBC"
403 };
404
405 enum_names esp_transformid_names_high =
406 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
407
408 enum_names esp_transformid_names =
409 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
410
411 /* IPCOMP transform values */
412
413 static const char *const ipcomp_transform_name[] = {
414 "IPCOMP_OUI",
415 "IPCOMP_DEFLAT",
416 "IPCOMP_LZS",
417 "IPCOMP_LZJH",
418 };
419
420 enum_names ipcomp_transformid_names =
421 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
422
423 /* Identification type values */
424
425 static const char *const ident_name[] = {
426 "ID_IPV4_ADDR",
427 "ID_FQDN",
428 "ID_USER_FQDN",
429 "ID_IPV4_ADDR_SUBNET",
430 "ID_IPV6_ADDR",
431 "ID_IPV6_ADDR_SUBNET",
432 "ID_IPV4_ADDR_RANGE",
433 "ID_IPV6_ADDR_RANGE",
434 "ID_DER_ASN1_DN",
435 "ID_DER_ASN1_GN",
436 "ID_KEY_ID",
437 };
438
439 enum_names ident_names =
440 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
441
442 /* Certificate type values */
443
444 static const char *const cert_type_name[] = {
445 "CERT_NONE",
446 "CERT_PKCS7_WRAPPED_X509",
447 "CERT_PGP",
448 "CERT_DNS_SIGNED_KEY",
449 "CERT_X509_SIGNATURE",
450 "CERT_X509_KEY_EXCHANGE",
451 "CERT_KERBEROS_TOKENS",
452 "CERT_CRL",
453 "CERT_ARL",
454 "CERT_SPKI",
455 "CERT_X509_ATTRIBUTE",
456 };
457
458 enum_names cert_type_names =
459 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
460
461 /* Certificate policy names */
462
463 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
464 "ALWAYS_SEND",
465 "SEND_IF_ASKED",
466 "NEVER_SEND",
467 );
468
469 /* Goal BITs for establishing an SA
470 * Note: we drop the POLICY_ prefix so that logs are more concise.
471 */
472
473 const char *const sa_policy_bit_names[] = {
474 "PSK",
475 "RSASIG",
476 "ENCRYPT",
477 "AUTHENTICATE",
478 "COMPRESS",
479 "TUNNEL",
480 "PFS",
481 "DISABLEARRIVALCHECK",
482 "SHUNT0",
483 "SHUNT1",
484 "FAILSHUNT0",
485 "FAILSHUNT1",
486 "DONTREKEY",
487 "OPPORTUNISTIC",
488 "GROUP",
489 "GROUTED",
490 "UP",
491 "MODECFGPUSH",
492 "XAUTHPSK",
493 "XAUTHRSASIG",
494 "XAUTHSERVER",
495 "DONTREAUTH",
496 "BEET",
497 "MOBIKE",
498 "ECDSA",
499 "PROXY",
500 NULL
501 };
502
503 const char *const policy_shunt_names[4] = {
504 "TRAP",
505 "PASS",
506 "DROP",
507 "REJECT",
508 };
509
510 const char *const policy_fail_names[4] = {
511 "NONE",
512 "PASS",
513 "DROP",
514 "REJECT",
515 };
516
517 /* Oakley transform attributes
518 * oakley_attr_bit_names does double duty: it is used for enum names
519 * and bit names.
520 */
521
522 const char *const oakley_attr_bit_names[] = {
523 "OAKLEY_ENCRYPTION_ALGORITHM",
524 "OAKLEY_HASH_ALGORITHM",
525 "OAKLEY_AUTHENTICATION_METHOD",
526 "OAKLEY_GROUP_DESCRIPTION",
527 "OAKLEY_GROUP_TYPE",
528 "OAKLEY_GROUP_PRIME",
529 "OAKLEY_GROUP_GENERATOR_ONE",
530 "OAKLEY_GROUP_GENERATOR_TWO",
531 "OAKLEY_GROUP_CURVE_A",
532 "OAKLEY_GROUP_CURVE_B",
533 "OAKLEY_LIFE_TYPE",
534 "OAKLEY_LIFE_DURATION",
535 "OAKLEY_PRF",
536 "OAKLEY_KEY_LENGTH",
537 "OAKLEY_FIELD_SIZE",
538 "OAKLEY_GROUP_ORDER",
539 "OAKLEY_BLOCK_SIZE",
540 NULL
541 };
542
543 static const char *const oakley_var_attr_name[] = {
544 "OAKLEY_GROUP_PRIME (variable length)",
545 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
546 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
547 "OAKLEY_GROUP_CURVE_A (variable length)",
548 "OAKLEY_GROUP_CURVE_B (variable length)",
549 NULL,
550 "OAKLEY_LIFE_DURATION (variable length)",
551 NULL,
552 NULL,
553 NULL,
554 "OAKLEY_GROUP_ORDER (variable length)",
555 };
556
557 static enum_names oakley_attr_desc_tv = {
558 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
559 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
560
561 enum_names oakley_attr_names = {
562 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
563 oakley_var_attr_name, &oakley_attr_desc_tv };
564
565 /* for each Oakley attribute, which enum_names describes its values? */
566 enum_names *oakley_attr_val_descs[] = {
567 NULL, /* (none) */
568 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
569 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
570 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
571 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
572 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
573 NULL, /* OAKLEY_GROUP_PRIME */
574 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
575 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
576 NULL, /* OAKLEY_GROUP_CURVE_A */
577 NULL, /* OAKLEY_GROUP_CURVE_B */
578 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
579 NULL, /* OAKLEY_LIFE_DURATION */
580 &oakley_prf_names, /* OAKLEY_PRF */
581 NULL, /* OAKLEY_KEY_LENGTH */
582 NULL, /* OAKLEY_FIELD_SIZE */
583 NULL, /* OAKLEY_GROUP_ORDER */
584 };
585
586 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
587
588 static const char *const ipsec_attr_name[] = {
589 "SA_LIFE_TYPE",
590 "SA_LIFE_DURATION",
591 "GROUP_DESCRIPTION",
592 "ENCAPSULATION_MODE",
593 "AUTH_ALGORITHM",
594 "KEY_LENGTH",
595 "KEY_ROUNDS",
596 "COMPRESS_DICT_SIZE",
597 "COMPRESS_PRIVATE_ALG",
598 };
599
600 static const char *const ipsec_var_attr_name[] = {
601 "SA_LIFE_DURATION (variable length)",
602 NULL,
603 NULL,
604 NULL,
605 NULL,
606 NULL,
607 NULL,
608 "COMPRESS_PRIVATE_ALG (variable length)",
609 };
610
611 static enum_names ipsec_attr_desc_tv = {
612 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
613 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
614 ipsec_attr_name, NULL };
615
616 enum_names ipsec_attr_names = {
617 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
618 ipsec_var_attr_name, &ipsec_attr_desc_tv };
619
620 /* for each IPsec attribute, which enum_names describes its values? */
621 enum_names *ipsec_attr_val_descs[] = {
622 NULL, /* (none) */
623 &sa_lifetime_names, /* SA_LIFE_TYPE */
624 NULL, /* SA_LIFE_DURATION */
625 &oakley_group_names, /* GROUP_DESCRIPTION */
626 &enc_mode_names, /* ENCAPSULATION_MODE */
627 &auth_alg_names, /* AUTH_ALGORITHM */
628 NULL, /* KEY_LENGTH */
629 NULL, /* KEY_ROUNDS */
630 NULL, /* COMPRESS_DICT_SIZE */
631 NULL, /* COMPRESS_PRIVATE_ALG */
632 };
633
634 /* SA Lifetime Type attribute */
635
636 static const char *const sa_lifetime_name[] = {
637 "SA_LIFE_TYPE_SECONDS",
638 "SA_LIFE_TYPE_KBYTES",
639 };
640
641 enum_names sa_lifetime_names =
642 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
643
644 /* Encapsulation Mode attribute */
645
646 static const char *const enc_mode_name[] = {
647 "ENCAPSULATION_MODE_TUNNEL",
648 "ENCAPSULATION_MODE_TRANSPORT",
649 "ENCAPSULATION_MODE_UDP_TUNNEL",
650 "ENCAPSULATION_MODE_UDP_TRANSPORT",
651 };
652
653 static const char *const enc_udp_mode_name[] = {
654 "ENCAPSULATION_MODE_UDP_TUNNEL",
655 "ENCAPSULATION_MODE_UDP_TRANSPORT",
656 };
657
658 static enum_names enc_udp_mode_names =
659 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
660
661 enum_names enc_mode_names =
662 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
663
664 /* Auth Algorithm attribute */
665
666 static const char *const auth_alg_name[] = {
667 "HMAC_MD5",
668 "HMAC_SHA1",
669 "DES_MAC",
670 "KPDK",
671 "HMAC_SHA2_256",
672 "HMAC_SHA2_384",
673 "HMAC_SHA2_512",
674 "HMAC_RIPEMD",
675 "AES_XCBC_96",
676 "SIG_RSA"
677 };
678
679 static const char *const extended_auth_alg_name[] = {
680 "NULL"
681 };
682
683 enum_names extended_auth_alg_names =
684 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
685
686 enum_names auth_alg_names =
687 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
688 , &extended_auth_alg_names };
689
690 /* From draft-beaulieu-ike-xauth */
691 static const char *const xauth_type_name[] = {
692 "Generic",
693 "RADIUS-CHAP",
694 "OTP",
695 "S/KEY",
696 };
697
698 enum_names xauth_type_names =
699 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
700
701 /* From draft-beaulieu-ike-xauth */
702 static const char *const xauth_attr_tv_name[] = {
703 "XAUTH_TYPE",
704 NULL,
705 NULL,
706 NULL,
707 NULL,
708 NULL,
709 NULL,
710 "XAUTH_STATUS",
711 };
712
713 enum_names xauth_attr_tv_names = {
714 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
715 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
716
717 static const char *const unity_attr_name[] = {
718 "UNITY_BANNER",
719 "UNITY_SAVE_PASSWD",
720 "UNITY_DEF_DOMAIN",
721 "UNITY_SPLITDNS_NAME",
722 "UNITY_SPLIT_INCLUDE",
723 "UNITY_NATT_PORT",
724 "UNITY_LOCAL_LAN",
725 "UNITY_PFS",
726 "UNITY_FW_TYPE",
727 "UNITY_BACKUP_SERVERS",
728 "UNITY_DDNS_HOSTNAME",
729 };
730
731 enum_names unity_attr_names =
732 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
733
734 static const char *const microsoft_attr_name[] = {
735 "INTERNAL_IP4_SERVER",
736 "INTERNAL_IP6_SERVER",
737 };
738
739 enum_names microsoft_attr_names =
740 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
741
742 static const char *const xauth_attr_name[] = {
743 "XAUTH_USER_NAME",
744 "XAUTH_USER_PASSWORD",
745 "XAUTH_PASSCODE",
746 "XAUTH_MESSAGE",
747 "XAUTH_CHALLENGE",
748 "XAUTH_DOMAIN",
749 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
750 "XAUTH_NEXT_PIN",
751 "XAUTH_ANSWER",
752 };
753
754 enum_names xauth_attr_names =
755 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
756
757 static const char *const modecfg_attr_name[] = {
758 "INTERNAL_IP4_ADDRESS",
759 "INTERNAL_IP4_NETMASK",
760 "INTERNAL_IP4_DNS",
761 "INTERNAL_IP4_NBNS",
762 "INTERNAL_ADDRESS_EXPIRY",
763 "INTERNAL_IP4_DHCP",
764 "APPLICATION_VERSION",
765 "INTERNAL_IP6_ADDRESS",
766 "INTERNAL_IP6_NETMASK",
767 "INTERNAL_IP6_DNS",
768 "INTERNAL_IP6_NBNS",
769 "INTERNAL_IP6_DHCP",
770 "INTERNAL_IP4_SUBNET",
771 "SUPPORTED_ATTRIBUTES",
772 "INTERNAL_IP6_SUBNET",
773 };
774
775 enum_names modecfg_attr_names =
776 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
777
778 /* Oakley Lifetime Type attribute */
779
780 static const char *const oakley_lifetime_name[] = {
781 "OAKLEY_LIFE_SECONDS",
782 "OAKLEY_LIFE_KILOBYTES",
783 };
784
785 enum_names oakley_lifetime_names =
786 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
787
788 /* Oakley PRF attribute (none defined) */
789
790 enum_names oakley_prf_names =
791 { 1, 0, NULL, NULL };
792
793 /* Oakley Encryption Algorithm attribute */
794
795 static const char *const oakley_enc_name[] = {
796 "DES_CBC",
797 "IDEA_CBC",
798 "BLOWFISH_CBC",
799 "RC5_R16_B64_CBC",
800 "3DES_CBC",
801 "CAST_CBC",
802 "AES_CBC",
803 "CAMELLIA_CBC"
804 };
805
806 #ifdef NO_EXTRA_IKE
807 enum_names oakley_enc_names =
808 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
809 #else
810 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
811 "MARS_CBC" /* 65001 */,
812 "RC6_CBC" /* 65002 */,
813 "ID_65003" /* 65003 */,
814 "SERPENT_CBC" /* 65004 */,
815 "TWOFISH_CBC" /* 65005 */,
816 };
817
818 static const char *const oakley_enc_name_ssh[] = {
819 "TWOFISH_CBC_SSH",
820 };
821
822 enum_names oakley_enc_names_ssh =
823 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
824 , NULL };
825
826 enum_names oakley_enc_names_draft_aes_cbc_02 =
827 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
828 , &oakley_enc_names_ssh };
829
830 enum_names oakley_enc_names =
831 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
832 , &oakley_enc_names_draft_aes_cbc_02 };
833 #endif
834
835 /* Oakley Hash Algorithm attribute */
836
837 static const char *const oakley_hash_name[] = {
838 "HMAC_MD5",
839 "HMAC_SHA1",
840 "HMAC_TIGER",
841 "HMAC_SHA2_256",
842 "HMAC_SHA2_384",
843 "HMAC_SHA2_512",
844 };
845
846 enum_names oakley_hash_names =
847 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
848
849 /* Oakley Authentication Method attribute */
850
851 static const char *const oakley_auth_name1[] = {
852 "OAKLEY_PRESHARED_KEY",
853 "OAKLEY_DSS_SIG",
854 "OAKLEY_RSA_SIG",
855 "OAKLEY_RSA_ENC",
856 "OAKLEY_RSA_ENC_REV",
857 "OAKLEY_ELGAMAL_ENC",
858 "OAKLEY_ELGAMAL_ENC_REV",
859 };
860
861 static const char *const oakley_auth_name2[] = {
862 "HybridInitRSA",
863 "HybridRespRSA",
864 "HybridInitDSS",
865 "HybridRespDSS",
866 };
867
868 static const char *const oakley_auth_name3[] = {
869 "XAUTHInitPreShared",
870 "XAUTHRespPreShared",
871 "XAUTHInitDSS",
872 "XAUTHRespDSS",
873 "XAUTHInitRSA",
874 "XAUTHRespRSA",
875 "XAUTHInitRSAEncryption",
876 "XAUTHRespRSAEncryption",
877 "XAUTHInitRSARevisedEncryption",
878 "XAUTHRespRSARevisedEncryption",
879 };
880
881 static enum_names oakley_auth_names1 =
882 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
883 , oakley_auth_name1, NULL };
884
885 static enum_names oakley_auth_names2 =
886 { HybridInitRSA, HybridRespDSS
887 , oakley_auth_name2, &oakley_auth_names1 };
888
889 enum_names oakley_auth_names =
890 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
891 , oakley_auth_name3, &oakley_auth_names2 };
892
893 /* Oakley Group Description attribute */
894
895 static const char *const oakley_group_name[] = {
896 "MODP_768",
897 "MODP_1024",
898 "GP_155",
899 "GP_185",
900 "MODP_1536",
901 };
902
903 static const char *const oakley_group_name_rfc3526[] = {
904 "MODP_2048",
905 "MODP_3072",
906 "MODP_4096",
907 "MODP_6144",
908 "MODP_8192"
909 };
910
911 enum_names oakley_group_names_rfc3526 =
912 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
913 oakley_group_name_rfc3526, NULL };
914
915 enum_names oakley_group_names =
916 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
917 oakley_group_name, &oakley_group_names_rfc3526 };
918
919 /* Oakley Group Type attribute */
920
921 static const char *const oakley_group_type_name[] = {
922 "OAKLEY_GROUP_TYPE_MODP",
923 "OAKLEY_GROUP_TYPE_ECP",
924 "OAKLEY_GROUP_TYPE_EC2N",
925 };
926
927 enum_names oakley_group_type_names =
928 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
929
930 /* Notify messages -- error types */
931
932 static const char *const notification_name[] = {
933 "INVALID_PAYLOAD_TYPE",
934 "DOI_NOT_SUPPORTED",
935 "SITUATION_NOT_SUPPORTED",
936 "INVALID_COOKIE",
937 "INVALID_MAJOR_VERSION",
938 "INVALID_MINOR_VERSION",
939 "INVALID_EXCHANGE_TYPE",
940 "INVALID_FLAGS",
941 "INVALID_MESSAGE_ID",
942 "INVALID_PROTOCOL_ID",
943 "INVALID_SPI",
944 "INVALID_TRANSFORM_ID",
945 "ATTRIBUTES_NOT_SUPPORTED",
946 "NO_PROPOSAL_CHOSEN",
947 "BAD_PROPOSAL_SYNTAX",
948 "PAYLOAD_MALFORMED",
949 "INVALID_KEY_INFORMATION",
950 "INVALID_ID_INFORMATION",
951 "INVALID_CERT_ENCODING",
952 "INVALID_CERTIFICATE",
953 "CERT_TYPE_UNSUPPORTED",
954 "INVALID_CERT_AUTHORITY",
955 "INVALID_HASH_INFORMATION",
956 "AUTHENTICATION_FAILED",
957 "INVALID_SIGNATURE",
958 "ADDRESS_NOTIFICATION",
959 "NOTIFY_SA_LIFETIME",
960 "CERTIFICATE_UNAVAILABLE",
961 "UNSUPPORTED_EXCHANGE_TYPE",
962 "UNEQUAL_PAYLOAD_LENGTHS",
963 };
964
965 static const char *const notification_status_name[] = {
966 "CONNECTED",
967 };
968
969 static const char *const ipsec_notification_name[] = {
970 "IPSEC_RESPONDER_LIFETIME",
971 "IPSEC_REPLAY_STATUS",
972 "IPSEC_INITIAL_CONTACT",
973 };
974
975 static const char *const notification_dpd_name[] = {
976 "R_U_THERE",
977 "R_U_THERE_ACK",
978 };
979
980 enum_names notification_dpd_names =
981 { R_U_THERE, R_U_THERE_ACK,
982 notification_dpd_name, NULL };
983
984 enum_names ipsec_notification_names =
985 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
986 ipsec_notification_name, &notification_dpd_names };
987
988 enum_names notification_status_names =
989 { CONNECTED, CONNECTED,
990 notification_status_name, &ipsec_notification_names };
991
992 enum_names notification_names =
993 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
994 notification_name, &notification_status_names };
995
996 /* MODECFG
997 * From draft-dukes-ike-mode-cfg
998 */
999 const char *const attr_msg_type_name[] = {
1000 "ISAKMP_CFG_RESERVED",
1001 "ISAKMP_CFG_REQUEST",
1002 "ISAKMP_CFG_REPLY",
1003 "ISAKMP_CFG_SET",
1004 "ISAKMP_CFG_ACK",
1005 NULL
1006 };
1007
1008 enum_names attr_msg_type_names =
1009 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1010
1011 /* socket address family info */
1012
1013 static const char *const af_inet_name[] = {
1014 "AF_INET",
1015 };
1016
1017 static const char *const af_inet6_name[] = {
1018 "AF_INET6",
1019 };
1020
1021 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1022
1023 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1024
1025 static ip_address ipv4_any, ipv6_any;
1026 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1027 static ip_subnet ipv4_all, ipv6_all;
1028
1029 const struct af_info af_inet4_info = {
1030 AF_INET,
1031 "AF_INET",
1032 sizeof(struct in_addr),
1033 sizeof(struct sockaddr_in),
1034 32,
1035 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1036 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1037 };
1038
1039 const struct af_info af_inet6_info = {
1040 AF_INET6,
1041 "AF_INET6",
1042 sizeof(struct in6_addr),
1043 sizeof(struct sockaddr_in6),
1044 128,
1045 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1046 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1047 };
1048
1049 const struct af_info *
1050 aftoinfo(int af)
1051 {
1052 switch (af)
1053 {
1054 case AF_INET:
1055 return &af_inet4_info;
1056 case AF_INET6:
1057 return &af_inet6_info;
1058 default:
1059 return NULL;
1060 }
1061 }
1062
1063 bool
1064 subnetisnone(const ip_subnet *sn)
1065 {
1066 ip_address base;
1067
1068 networkof(sn, &base);
1069 return isanyaddr(&base) && subnetishost(sn);
1070 }
1071
1072 /* BIND enumerated types */
1073
1074 #include <arpa/nameser.h>
1075
1076 static const char *const rr_type_name[] = {
1077 "T_A", /* 1 host address */
1078 "T_NS", /* 2 authoritative server */
1079 "T_MD", /* 3 mail destination */
1080 "T_MF", /* 4 mail forwarder */
1081 "T_CNAME", /* 5 canonical name */
1082 "T_SOA", /* 6 start of authority zone */
1083 "T_MB", /* 7 mailbox domain name */
1084 "T_MG", /* 8 mail group member */
1085 "T_MR", /* 9 mail rename name */
1086 "T_NULL", /* 10 null resource record */
1087 "T_WKS", /* 11 well known service */
1088 "T_PTR", /* 12 domain name pointer */
1089 "T_HINFO", /* 13 host information */
1090 "T_MINFO", /* 14 mailbox information */
1091 "T_MX", /* 15 mail routing information */
1092 "T_TXT", /* 16 text strings */
1093 "T_RP", /* 17 responsible person */
1094 "T_AFSDB", /* 18 AFS cell database */
1095 "T_X25", /* 19 X_25 calling address */
1096 "T_ISDN", /* 20 ISDN calling address */
1097 "T_RT", /* 21 router */
1098 "T_NSAP", /* 22 NSAP address */
1099 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1100 "T_SIG", /* 24 security signature */
1101 "T_KEY", /* 25 security key */
1102 "T_PX", /* 26 X.400 mail mapping */
1103 "T_GPOS", /* 27 geographical position (withdrawn) */
1104 "T_AAAA", /* 28 IP6 Address */
1105 "T_LOC", /* 29 Location Information */
1106 "T_NXT", /* 30 Next Valid Name in Zone */
1107 "T_EID", /* 31 Endpoint identifier */
1108 "T_NIMLOC", /* 32 Nimrod locator */
1109 "T_SRV", /* 33 Server selection */
1110 "T_ATMA", /* 34 ATM Address */
1111 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1112 NULL
1113 };
1114
1115 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1116
1117 /* Query type values which do not appear in resource records */
1118 static const char *const rr_qtype_name[] = {
1119 "T_IXFR", /* 251 incremental zone transfer */
1120 "T_AXFR", /* 252 transfer zone of authority */
1121 "T_MAILB", /* 253 transfer mailbox records */
1122 "T_MAILA", /* 254 transfer mail agent records */
1123 "T_ANY", /* 255 wildcard match */
1124 NULL
1125 };
1126
1127 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1128
1129 static const char *const rr_class_name[] = {
1130 "C_IN", /* 1 the arpa internet */
1131 NULL
1132 };
1133
1134 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1135
1136 /*
1137 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1138 *
1139 */
1140 const char *const natt_type_bitnames[] = {
1141 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1142 "draft-ietf-ipsec-nat-t-ike-02/03",
1143 "RFC 3947",
1144 "3", /* 3 */
1145 "4", "5", "6", "7",
1146 "8", "9", "10", "11",
1147 "12", "13", "14", "15",
1148 "16", "17", "18", "19",
1149 "20", "21", "22", "23",
1150 "24", "25", "26", "27",
1151 "28", "29",
1152 "nat is behind me",
1153 "nat is behind peer"
1154 };
1155
1156 /* look up enum names in an enum_names */
1157
1158 const char *
1159 enum_name(enum_names *ed, unsigned long val)
1160 {
1161 enum_names *p;
1162
1163 for (p = ed; p != NULL; p = p->en_next_range)
1164 {
1165 if (p->en_first <= val && val <= p->en_last)
1166 return p->en_names[val - p->en_first];
1167 }
1168 return NULL;
1169 }
1170
1171 /* find or construct a string to describe an enum value
1172 * Result may be in STATIC buffer!
1173 */
1174 const char *
1175 enum_show(enum_names *ed, unsigned long val)
1176 {
1177 const char *p = enum_name(ed, val);
1178
1179 if (p == NULL)
1180 {
1181 static char buf[12]; /* only one! I hope that it is big enough */
1182
1183 snprintf(buf, sizeof(buf), "%lu??", val);
1184 p = buf;
1185 }
1186 return p;
1187 }
1188
1189
1190 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1191
1192 int
1193 enum_search(enum_names *ed, const char *str)
1194 {
1195 enum_names *p;
1196 const char *ptr;
1197 unsigned en;
1198
1199 for (p = ed; p != NULL; p = p->en_next_range)
1200 {
1201 for (en = p->en_first; en <= p->en_last ;en++)
1202 {
1203 ptr = p->en_names[en - p->en_first];
1204 if (ptr == 0)
1205 {
1206 continue;
1207 }
1208 if (streq(ptr, str))
1209 {
1210 return en;
1211 }
1212 }
1213 }
1214 return -1;
1215 }
1216
1217 /* construct a string to name the bits on in a set
1218 * Result may be in STATIC buffer!
1219 * Note: prettypolicy depends on internal details.
1220 */
1221 const char *
1222 bitnamesof(const char *const table[], lset_t val)
1223 {
1224 char *p = bitnamesbuf;
1225 lset_t bit;
1226 const char *const *tp;
1227
1228 if (val == 0)
1229 return "none";
1230
1231 for (tp = table, bit = 01; val != 0; bit <<= 1)
1232 {
1233 if (val & bit)
1234 {
1235 const char *n = *tp;
1236 size_t nl;
1237
1238 if (n == NULL || *n == '\0')
1239 {
1240 /* no name for this bit, so use hex */
1241 static char flagbuf[sizeof("0x80000000")];
1242
1243 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1244 n = flagbuf;
1245 }
1246
1247 nl = strlen(n);
1248
1249 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1250 *p++ = '+';
1251
1252 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1253 {
1254 strcpy(p, n);
1255 p += nl;
1256 }
1257 val -= bit;
1258 }
1259 if (*tp != NULL)
1260 tp++; /* move on, but not past end */
1261 }
1262 *p = '\0';
1263 return bitnamesbuf;
1264 }
1265
1266 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1267 * Suppress the shunt and fail fields if 0.
1268 */
1269 const char *
1270 prettypolicy(lset_t policy)
1271 {
1272 const char *bn = bitnamesof(sa_policy_bit_names
1273 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1274 size_t len;
1275 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1276 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1277
1278 if (bn != bitnamesbuf)
1279 bitnamesbuf[0] = '\0';
1280 len = strlen(bitnamesbuf);
1281 if (shunt != 0)
1282 {
1283 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1284 , policy_shunt_names[shunt]);
1285 len += strlen(bitnamesbuf + len);
1286 }
1287 if (fail != 0)
1288 {
1289 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1290 , policy_fail_names[fail]);
1291 len += strlen(bitnamesbuf + len);
1292 }
1293 if (NEVER_NEGOTIATE(policy))
1294 {
1295 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1296 len += strlen(bitnamesbuf + len);
1297 }
1298 return bitnamesbuf;
1299 }
1300
1301 /* test a set by seeing if all bits have names */
1302
1303 bool
1304 testset(const char *const table[], lset_t val)
1305 {
1306 lset_t bit;
1307 const char *const *tp;
1308
1309 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1310 {
1311 const char *n = *tp;
1312
1313 if (n == NULL || ((val & bit) && *n == '\0'))
1314 return FALSE;
1315 val &= ~bit;
1316 }
1317 return TRUE;
1318 }
1319
1320
1321 const char sparse_end[] = "end of sparse names";
1322
1323 /* look up enum names in a sparse_names */
1324 const char *sparse_name(sparse_names sd, unsigned long val)
1325 {
1326 const struct sparse_name *p;
1327
1328 for (p = sd; p->name != sparse_end; p++)
1329 if (p->val == val)
1330 return p->name;
1331 return NULL;
1332 }
1333
1334 /* find or construct a string to describe an sparse value
1335 * Result may be in STATIC buffer!
1336 */
1337 const char *
1338 sparse_val_show(sparse_names sd, unsigned long val)
1339 {
1340 const char *p = sparse_name(sd, val);
1341
1342 if (p == NULL)
1343 {
1344 static char buf[12]; /* only one! I hope that it is big enough */
1345
1346 snprintf(buf, sizeof(buf), "%lu??", val);
1347 p = buf;
1348 }
1349 return p;
1350 }
1351
1352 void init_constants(void)
1353 {
1354 happy(anyaddr(AF_INET, &ipv4_any));
1355 happy(anyaddr(AF_INET6, &ipv6_any));
1356
1357 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1358 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1359
1360 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1361 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1362 }
1363
1364 u_char secret_of_the_day[HASH_SIZE_SHA1];
1365
1366