added Cisco Unity ModeCfg attributes
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: constants.c,v 1.21 2006/03/27 07:38:59 as Exp $
15 */
16
17 /*
18 * Note that the array sizes are all specified; this is to enable range
19 * checking by code that only includes constants.h.
20 */
21
22 #include <stddef.h>
23 #include <string.h>
24 #include <stdio.h>
25 #include <netinet/in.h>
26
27 #include <freeswan.h>
28 #include <ipsec_policy.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef LIBCURL
42 " LIBCURL"
43 #endif
44 #ifdef LDAP_VER
45 #if LDAP_VER == 2
46 " LDAP_V2"
47 #else
48 " LDAP_V3"
49 #endif
50 #endif
51 #ifdef SMARTCARD
52 " SMARTCARD"
53 #endif
54 #ifdef VENDORID
55 " VENDORID"
56 #endif
57 #ifdef CISCO_QUIRKS
58 " CISCO_QUIRKS"
59 #endif
60 #ifdef USE_KEYRR
61 " KEYRR"
62 #endif
63 ;
64
65 /* version */
66
67 static const char *const version_name[] = {
68 "ISAKMP Version 1.0",
69 };
70
71 enum_names version_names =
72 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
73 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
74 version_name, NULL };
75
76 /* RFC 2459 CRL reason codes */
77
78 static const char *const crl_reason_name[] = {
79 "unspecified",
80 "key compromise",
81 "ca compromise",
82 "affiliation changed",
83 "superseded",
84 "cessation of operation",
85 "certificate hold",
86 "reason #7",
87 "remove from crl"
88 };
89
90 enum_names crl_reason_names =
91 { REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL, crl_reason_name, NULL};
92
93 /* RFC 3706 Dead Peer Detection */
94
95 static const char *const dpd_action_name[] = {
96 "none",
97 "clear",
98 "hold",
99 "restart"
100 };
101
102 enum_names dpd_action_names =
103 { DPD_ACTION_NONE, DPD_ACTION_RESTART, dpd_action_name, NULL};
104
105 /* Timer events */
106
107 static const char *const timer_event_name[] = {
108 "EVENT_NULL",
109 "EVENT_REINIT_SECRET",
110 "EVENT_SHUNT_SCAN",
111 "EVENT_SO_DISCARD",
112 "EVENT_RETRANSMIT",
113 "EVENT_SA_REPLACE",
114 "EVENT_SA_REPLACE_IF_USED",
115 "EVENT_SA_EXPIRE",
116 "EVENT_NAT_T_KEEPALIVE",
117 "EVENT_DPD",
118 "EVENT_DPD_TIMEOUT",
119 "EVENT_LOG_DAILY"
120 };
121
122 enum_names timer_event_names =
123 { EVENT_NULL, EVENT_LOG_DAILY, timer_event_name, NULL };
124
125 /* Domain of Interpretation */
126
127 static const char *const doi_name[] = {
128 "ISAKMP_DOI_ISAKMP",
129 "ISAKMP_DOI_IPSEC",
130 };
131
132 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
133
134 /* debugging settings: a set of selections for reporting
135 * These would be more naturally situated in log.h,
136 * but they are shared with whack.
137 * It turns out that "debug-" is clutter in all contexts this is used,
138 * so we leave it off.
139 */
140 #ifdef DEBUG
141 const char *const debug_bit_names[] = {
142 "raw",
143 "crypt",
144 "parsing",
145 "emitting",
146 "control",
147 "lifecycle",
148 "klips",
149 "dns",
150 "natt",
151 "oppo",
152 "controlmore",
153
154 "private",
155
156 "impair-delay-adns-key-answer",
157 "impair-delay-adns-txt-answer",
158 "impair-bust-mi2",
159 "impair-bust-mr2",
160
161 NULL
162 };
163 #endif
164
165 /* State of exchanges */
166
167 static const char *const state_name[] = {
168 "STATE_MAIN_R0",
169 "STATE_MAIN_I1",
170 "STATE_MAIN_R1",
171 "STATE_MAIN_I2",
172 "STATE_MAIN_R2",
173 "STATE_MAIN_I3",
174 "STATE_MAIN_R3",
175 "STATE_MAIN_I4",
176
177 "STATE_QUICK_R0",
178 "STATE_QUICK_I1",
179 "STATE_QUICK_R1",
180 "STATE_QUICK_I2",
181 "STATE_QUICK_R2",
182
183 "STATE_INFO",
184 "STATE_INFO_PROTECTED",
185
186 "STATE_XAUTH_I0",
187 "STATE_XAUTH_R1",
188 "STATE_XAUTH_I1",
189 "STATE_XAUTH_R2",
190 "STATE_XAUTH_I2",
191 "STATE_XAUTH_R3",
192
193 "STATE_MODE_CFG_R0",
194 "STATE_MODE_CFG_I1",
195 "STATE_MODE_CFG_R1",
196 "STATE_MODE_CFG_I2",
197
198 "STATE_MODE_CFG_I0",
199 "STATE_MODE_CFG_R3",
200 "STATE_MODE_CFG_I3",
201 "STATE_MODE_CFG_R4",
202
203 "STATE_IKE_ROOF"
204 };
205
206 enum_names state_names =
207 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
208
209 /* story for state */
210
211 const char *const state_story[] = {
212 "expecting MI1", /* STATE_MAIN_R0 */
213 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
214 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
215 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
216 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
217 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
218 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
219 "ISAKMP SA established", /* STATE_MAIN_I4 */
220
221 "expecting QI1", /* STATE_QUICK_R0 */
222 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
223 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
224 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
225 "IPsec SA established", /* STATE_QUICK_R2 */
226
227 "got Informational Message in clear", /* STATE_INFO */
228 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
229
230 "expecting XAUTH request", /* STATE_XAUTH_I0 */
231 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
232 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
233 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
234 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
235 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
236
237 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
238 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
239 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
240 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
241
242 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
243 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
244 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
245 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
246 };
247
248 /* kind of struct connection */
249
250 static const char *const connection_kind_name[] = {
251 "CK_GROUP", /* policy group: instantiates to template */
252 "CK_TEMPLATE", /* abstract connection, with wildcard */
253 "CK_PERMANENT", /* normal connection */
254 "CK_INSTANCE", /* instance of template, created for a particular attempt */
255 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
256 };
257
258 enum_names connection_kind_names =
259 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
260
261 /* routing status names */
262
263 static const char *const routing_story_strings[] = {
264 "unrouted", /* RT_UNROUTED: unrouted */
265 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
266 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
267 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
268 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
269 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
270 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
271 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
272 };
273
274 enum_names routing_story =
275 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
276
277 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
278
279 const char *const payload_name[] = {
280 "ISAKMP_NEXT_NONE",
281 "ISAKMP_NEXT_SA",
282 "ISAKMP_NEXT_P",
283 "ISAKMP_NEXT_T",
284 "ISAKMP_NEXT_KE",
285 "ISAKMP_NEXT_ID",
286 "ISAKMP_NEXT_CERT",
287 "ISAKMP_NEXT_CR",
288 "ISAKMP_NEXT_HASH",
289 "ISAKMP_NEXT_SIG",
290 "ISAKMP_NEXT_NONCE",
291 "ISAKMP_NEXT_N",
292 "ISAKMP_NEXT_D",
293 "ISAKMP_NEXT_VID",
294 "ISAKMP_NEXT_MODECFG",
295 "ISAKMP_NEXT_15",
296 "ISAKMP_NEXT_16",
297 "ISAKMP_NEXT_17",
298 "ISAKMP_NEXT_18",
299 "ISAKMP_NEXT_19",
300 "ISAKMP_NEXT_NAT-D",
301 "ISAKMP_NEXT_NAT-OA",
302 NULL
303 };
304
305 const char *const payload_name_nat_d[] = { "ISAKMP_NEXT_NAT-D",
306 "ISAKMP_NEXT_NAT-OA", NULL };
307
308 static enum_names payload_names_nat_d =
309 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
310
311 enum_names payload_names =
312 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
313
314 /* Exchange types (note: two discontinuous ranges) */
315
316 static const char *const exchange_name[] = {
317 "ISAKMP_XCHG_NONE",
318 "ISAKMP_XCHG_BASE",
319 "ISAKMP_XCHG_IDPROT",
320 "ISAKMP_XCHG_AO",
321 "ISAKMP_XCHG_AGGR",
322 "ISAKMP_XCHG_INFO",
323 "ISAKMP_XCHG_MODE_CFG",
324 };
325
326 static const char *const exchange_name2[] = {
327 "ISAKMP_XCHG_QUICK",
328 "ISAKMP_XCHG_NGRP",
329 "ISAKMP_XCHG_ACK_INFO",
330 };
331
332 static enum_names exchange_desc2 =
333 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
334
335 enum_names exchange_names =
336 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
337
338 /* Flag BITS */
339 const char *const flag_bit_names[] = {
340 "ISAKMP_FLAG_ENCRYPTION",
341 "ISAKMP_FLAG_COMMIT",
342 NULL
343 };
344
345 /* Situation BITS definition for IPsec DOI */
346
347 const char *const sit_bit_names[] = {
348 "SIT_IDENTITY_ONLY",
349 "SIT_SECRECY",
350 "SIT_INTEGRITY",
351 NULL
352 };
353
354 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
355
356 static const char *const protocol_name[] = {
357 "PROTO_ISAKMP",
358 "PROTO_IPSEC_AH",
359 "PROTO_IPSEC_ESP",
360 "PROTO_IPCOMP",
361 };
362
363 enum_names protocol_names =
364 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
365
366 /* IPsec ISAKMP transform values */
367
368 static const char *const isakmp_transform_name[] = {
369 "KEY_IKE",
370 };
371
372 enum_names isakmp_transformid_names =
373 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
374
375 /* IPsec AH transform values */
376
377 static const char *const ah_transform_name[] = {
378 "AH_MD5",
379 "AH_SHA",
380 "AH_DES",
381 "AH_SHA2_256",
382 "AH_SHA2_384",
383 "AH_SHA2_512",
384 "AH_RIPEMD"
385 };
386
387 enum_names ah_transformid_names =
388 { AH_MD5, AH_RIPEMD, ah_transform_name, NULL };
389
390 /* IPsec ESP transform values */
391
392 static const char *const esp_transform_name[] = {
393 "ESP_DES_IV64",
394 "ESP_DES",
395 "ESP_3DES",
396 "ESP_RC5",
397 "ESP_IDEA",
398 "ESP_CAST",
399 "ESP_BLOWFISH",
400 "ESP_3IDEA",
401 "ESP_DES_IV32",
402 "ESP_RC4",
403 "ESP_NULL",
404 "ESP_AES",
405 "ESP_AES-CTR",
406 "ESP_AES-CCM_8",
407 "ESP_AES-CCM_12",
408 "ESP_AES-CCM_16"
409 };
410
411 /*
412 * ipsec drafts suggest "high" ESP ids values for testing,
413 * assign generic ESP_ID<num> if not officially defined
414 */
415 static const char *const esp_transform_name_high[] = {
416 "ESP_SERPENT",
417 "ESP_TWOFISH"
418 };
419
420 enum_names esp_transformid_names_high =
421 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
422
423 enum_names esp_transformid_names =
424 { ESP_DES_IV64, ESP_AES_CCM_16, esp_transform_name, &esp_transformid_names_high };
425
426 /* IPCOMP transform values */
427
428 static const char *const ipcomp_transform_name[] = {
429 "IPCOMP_OUI",
430 "IPCOMP_DEFLAT",
431 "IPCOMP_LZS",
432 "IPCOMP_LZJH",
433 };
434
435 enum_names ipcomp_transformid_names =
436 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
437
438 /* Identification type values */
439
440 static const char *const ident_name[] = {
441 "ID_IPV4_ADDR",
442 "ID_FQDN",
443 "ID_USER_FQDN",
444 "ID_IPV4_ADDR_SUBNET",
445 "ID_IPV6_ADDR",
446 "ID_IPV6_ADDR_SUBNET",
447 "ID_IPV4_ADDR_RANGE",
448 "ID_IPV6_ADDR_RANGE",
449 "ID_DER_ASN1_DN",
450 "ID_DER_ASN1_GN",
451 "ID_KEY_ID",
452 };
453
454 enum_names ident_names =
455 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
456
457 /* Certificate type values */
458
459 static const char *const cert_type_name[] = {
460 "CERT_NONE",
461 "CERT_PKCS7_WRAPPED_X509",
462 "CERT_PGP",
463 "CERT_DNS_SIGNED_KEY",
464 "CERT_X509_SIGNATURE",
465 "CERT_X509_KEY_EXCHANGE",
466 "CERT_KERBEROS_TOKENS",
467 "CERT_CRL",
468 "CERT_ARL",
469 "CERT_SPKI",
470 "CERT_X509_ATTRIBUTE",
471 };
472
473 enum_names cert_type_names =
474 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
475
476 /* Certificate policy names */
477
478 static const char *const cert_policy_name[] = {
479 "ALWAYS_SEND",
480 "SEND_IF_ASKED",
481 "NEVER_SEND",
482 };
483
484 enum_names cert_policy_names =
485 { CERT_ALWAYS_SEND, CERT_NEVER_SEND, cert_policy_name, NULL };
486
487 /* Goal BITs for establishing an SA
488 * Note: we drop the POLICY_ prefix so that logs are more concise.
489 */
490
491 const char *const sa_policy_bit_names[] = {
492 "PSK",
493 "RSASIG",
494 "ENCRYPT",
495 "AUTHENTICATE",
496 "COMPRESS",
497 "TUNNEL",
498 "PFS",
499 "DISABLEARRIVALCHECK",
500 "SHUNT0",
501 "SHUNT1",
502 "FAILSHUNT0",
503 "FAILSHUNT1",
504 "DONTREKEY",
505 "OPPORTUNISTIC",
506 "GROUP",
507 "GROUTED",
508 "UP",
509 "MODECFGPUSH",
510 "XAUTHPSK",
511 "XAUTHRSASIG",
512 "XAUTHSERVER",
513 "DONTREAUTH",
514 NULL
515 };
516
517 const char *const policy_shunt_names[4] = {
518 "TRAP",
519 "PASS",
520 "DROP",
521 "REJECT",
522 };
523
524 const char *const policy_fail_names[4] = {
525 "NONE",
526 "PASS",
527 "DROP",
528 "REJECT",
529 };
530
531 /* Oakley transform attributes
532 * oakley_attr_bit_names does double duty: it is used for enum names
533 * and bit names.
534 */
535
536 const char *const oakley_attr_bit_names[] = {
537 "OAKLEY_ENCRYPTION_ALGORITHM",
538 "OAKLEY_HASH_ALGORITHM",
539 "OAKLEY_AUTHENTICATION_METHOD",
540 "OAKLEY_GROUP_DESCRIPTION",
541 "OAKLEY_GROUP_TYPE",
542 "OAKLEY_GROUP_PRIME",
543 "OAKLEY_GROUP_GENERATOR_ONE",
544 "OAKLEY_GROUP_GENERATOR_TWO",
545 "OAKLEY_GROUP_CURVE_A",
546 "OAKLEY_GROUP_CURVE_B",
547 "OAKLEY_LIFE_TYPE",
548 "OAKLEY_LIFE_DURATION",
549 "OAKLEY_PRF",
550 "OAKLEY_KEY_LENGTH",
551 "OAKLEY_FIELD_SIZE",
552 "OAKLEY_GROUP_ORDER",
553 "OAKLEY_BLOCK_SIZE",
554 NULL
555 };
556
557 static const char *const oakley_var_attr_name[] = {
558 "OAKLEY_GROUP_PRIME (variable length)",
559 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
560 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
561 "OAKLEY_GROUP_CURVE_A (variable length)",
562 "OAKLEY_GROUP_CURVE_B (variable length)",
563 NULL,
564 "OAKLEY_LIFE_DURATION (variable length)",
565 NULL,
566 NULL,
567 NULL,
568 "OAKLEY_GROUP_ORDER (variable length)",
569 };
570
571 static enum_names oakley_attr_desc_tv = {
572 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
573 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
574
575 enum_names oakley_attr_names = {
576 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
577 oakley_var_attr_name, &oakley_attr_desc_tv };
578
579 /* for each Oakley attribute, which enum_names describes its values? */
580 enum_names *oakley_attr_val_descs[] = {
581 NULL, /* (none) */
582 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
583 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
584 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
585 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
586 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
587 NULL, /* OAKLEY_GROUP_PRIME */
588 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
589 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
590 NULL, /* OAKLEY_GROUP_CURVE_A */
591 NULL, /* OAKLEY_GROUP_CURVE_B */
592 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
593 NULL, /* OAKLEY_LIFE_DURATION */
594 &oakley_prf_names, /* OAKLEY_PRF */
595 NULL, /* OAKLEY_KEY_LENGTH */
596 NULL, /* OAKLEY_FIELD_SIZE */
597 NULL, /* OAKLEY_GROUP_ORDER */
598 };
599
600 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
601
602 static const char *const ipsec_attr_name[] = {
603 "SA_LIFE_TYPE",
604 "SA_LIFE_DURATION",
605 "GROUP_DESCRIPTION",
606 "ENCAPSULATION_MODE",
607 "AUTH_ALGORITHM",
608 "KEY_LENGTH",
609 "KEY_ROUNDS",
610 "COMPRESS_DICT_SIZE",
611 "COMPRESS_PRIVATE_ALG",
612 };
613
614 static const char *const ipsec_var_attr_name[] = {
615 "SA_LIFE_DURATION (variable length)",
616 NULL,
617 NULL,
618 NULL,
619 NULL,
620 NULL,
621 NULL,
622 "COMPRESS_PRIVATE_ALG (variable length)",
623 };
624
625 static enum_names ipsec_attr_desc_tv = {
626 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
627 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
628 ipsec_attr_name, NULL };
629
630 enum_names ipsec_attr_names = {
631 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
632 ipsec_var_attr_name, &ipsec_attr_desc_tv };
633
634 /* for each IPsec attribute, which enum_names describes its values? */
635 enum_names *ipsec_attr_val_descs[] = {
636 NULL, /* (none) */
637 &sa_lifetime_names, /* SA_LIFE_TYPE */
638 NULL, /* SA_LIFE_DURATION */
639 &oakley_group_names, /* GROUP_DESCRIPTION */
640 &enc_mode_names, /* ENCAPSULATION_MODE */
641 &auth_alg_names, /* AUTH_ALGORITHM */
642 NULL, /* KEY_LENGTH */
643 NULL, /* KEY_ROUNDS */
644 NULL, /* COMPRESS_DICT_SIZE */
645 NULL, /* COMPRESS_PRIVATE_ALG */
646 };
647
648 /* SA Lifetime Type attribute */
649
650 static const char *const sa_lifetime_name[] = {
651 "SA_LIFE_TYPE_SECONDS",
652 "SA_LIFE_TYPE_KBYTES",
653 };
654
655 enum_names sa_lifetime_names =
656 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
657
658 /* Encapsulation Mode attribute */
659
660 static const char *const enc_mode_name[] = {
661 "ENCAPSULATION_MODE_TUNNEL",
662 "ENCAPSULATION_MODE_TRANSPORT",
663 "ENCAPSULATION_MODE_UDP_TUNNEL",
664 "ENCAPSULATION_MODE_UDP_TRANSPORT",
665 };
666
667 static const char *const enc_udp_mode_name[] = {
668 "ENCAPSULATION_MODE_UDP_TUNNEL",
669 "ENCAPSULATION_MODE_UDP_TRANSPORT",
670 };
671
672 static enum_names enc_udp_mode_names =
673 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
674
675 enum_names enc_mode_names =
676 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
677
678 /* Auth Algorithm attribute */
679
680 static const char *const auth_alg_name[] = {
681 "AUTH_ALGORITHM_HMAC_MD5",
682 "AUTH_ALGORITHM_HMAC_SHA1",
683 "AUTH_ALGORITHM_DES_MAC",
684 "AUTH_ALGORITHM_KPDK",
685 "AUTH_ALGORITHM_HMAC_SHA2_256",
686 "AUTH_ALGORITHM_HMAC_SHA2_384",
687 "AUTH_ALGORITHM_HMAC_SHA2_512",
688 "AUTH_ALGORITHM_HMAC_RIPEMD",
689 };
690
691 static const char *const extended_auth_alg_name[] = {
692 "AUTH_ALGORITHM_NULL"
693 };
694
695 enum_names extended_auth_alg_names =
696 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
697
698 enum_names auth_alg_names =
699 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_HMAC_RIPEMD, auth_alg_name
700 , &extended_auth_alg_names };
701
702 /* From draft-beaulieu-ike-xauth */
703 static const char *const xauth_type_name[] = {
704 "Generic",
705 "RADIUS-CHAP",
706 "OTP",
707 "S/KEY",
708 };
709
710 enum_names xauth_type_names =
711 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
712
713 /* From draft-beaulieu-ike-xauth */
714 static const char *const xauth_attr_tv_name[] = {
715 "XAUTH_TYPE",
716 NULL,
717 NULL,
718 NULL,
719 NULL,
720 NULL,
721 NULL,
722 "XAUTH_STATUS",
723 };
724
725 enum_names xauth_attr_tv_names = {
726 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
727 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
728
729 static const char *const unity_attr_name[] = {
730 "UNITY_BANNER",
731 "UNITY_SAVE_PASSWD",
732 "UNITY_DEF_DOMAIN",
733 "UNITY_SPLITDNS_NAME",
734 "UNITY_SPLIT_INCLUDE",
735 "UNITY_NATT_PORT",
736 "UNITY_LOCAL_LAN",
737 "UNITY_PFS",
738 "UNITY_FW_TYPE",
739 "UNITY_BACKUP_SERVERS",
740 "UNITY_DDNS_HOSTNAME",
741 };
742
743 enum_names unity_attr_names =
744 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
745
746
747 static const char *const xauth_attr_name[] = {
748 "XAUTH_USER_NAME",
749 "XAUTH_USER_PASSWORD",
750 "XAUTH_PASSCODE",
751 "XAUTH_MESSAGE",
752 "XAUTH_CHALLENGE",
753 "XAUTH_DOMAIN",
754 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
755 "XAUTH_NEXT_PIN",
756 "XAUTH_ANSWER",
757 };
758
759 enum_names xauth_attr_names =
760 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &unity_attr_names };
761
762 static const char *const modecfg_attr_name[] = {
763 "INTERNAL_IP4_ADDRESS",
764 "INTERNAL_IP4_NETMASK",
765 "INTERNAL_IP4_DNS",
766 "INTERNAL_IP4_NBNS",
767 "INTERNAL_ADDRESS_EXPIRY",
768 "INTERNAL_IP4_DHCP",
769 "APPLICATION_VERSION",
770 "INTERNAL_IP6_ADDRESS",
771 "INTERNAL_IP6_NETMASK",
772 "INTERNAL_IP6_DNS",
773 "INTERNAL_IP6_NBNS",
774 "INTERNAL_IP6_DHCP",
775 "INTERNAL_IP4_SUBNET",
776 "SUPPORTED_ATTRIBUTES",
777 "INTERNAL_IP6_SUBNET",
778 };
779
780 enum_names modecfg_attr_names =
781 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
782
783 /* Oakley Lifetime Type attribute */
784
785 static const char *const oakley_lifetime_name[] = {
786 "OAKLEY_LIFE_SECONDS",
787 "OAKLEY_LIFE_KILOBYTES",
788 };
789
790 enum_names oakley_lifetime_names =
791 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
792
793 /* Oakley PRF attribute (none defined) */
794
795 enum_names oakley_prf_names =
796 { 1, 0, NULL, NULL };
797
798 /* Oakley Encryption Algorithm attribute */
799
800 static const char *const oakley_enc_name[] = {
801 "OAKLEY_DES_CBC",
802 "OAKLEY_IDEA_CBC",
803 "OAKLEY_BLOWFISH_CBC",
804 "OAKLEY_RC5_R16_B64_CBC",
805 "OAKLEY_3DES_CBC",
806 "OAKLEY_CAST_CBC",
807 "OAKLEY_AES_CBC",
808 };
809
810 #ifdef NO_EXTRA_IKE
811 enum_names oakley_enc_names =
812 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name, NULL };
813 #else
814 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
815 "OAKLEY_MARS_CBC" /* 65001 */,
816 "OAKLEY_RC6_CBC" /* 65002 */,
817 "OAKLEY_ID_65003" /* 65003 */,
818 "OAKLEY_SERPENT_CBC" /* 65004 */,
819 "OAKLEY_TWOFISH_CBC" /* 65005 */,
820 };
821 static const char *const oakley_enc_name_ssh[] = {
822 "OAKLEY_TWOFISH_CBC_SSH",
823 };
824 enum_names oakley_enc_names_ssh =
825 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
826 , NULL };
827
828 enum_names oakley_enc_names_draft_aes_cbc_02 =
829 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
830 , &oakley_enc_names_ssh };
831
832 enum_names oakley_enc_names =
833 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name
834 , &oakley_enc_names_draft_aes_cbc_02 };
835 #endif
836
837 /* Oakley Hash Algorithm attribute */
838
839 static const char *const oakley_hash_name[] = {
840 "OAKLEY_MD5",
841 "OAKLEY_SHA",
842 "OAKLEY_TIGER",
843 "OAKLEY_SHA2_256",
844 "OAKLEY_SHA2_384",
845 "OAKLEY_SHA2_512",
846 };
847
848 enum_names oakley_hash_names =
849 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
850
851 /* Oakley Authentication Method attribute */
852
853 static const char *const oakley_auth_name1[] = {
854 "OAKLEY_PRESHARED_KEY",
855 "OAKLEY_DSS_SIG",
856 "OAKLEY_RSA_SIG",
857 "OAKLEY_RSA_ENC",
858 "OAKLEY_RSA_ENC_REV",
859 "OAKLEY_ELGAMAL_ENC",
860 "OAKLEY_ELGAMAL_ENC_REV",
861 };
862
863 static const char *const oakley_auth_name2[] = {
864 "HybridInitRSA",
865 "HybridRespRSA",
866 "HybridInitDSS",
867 "HybridRespDSS",
868 };
869
870 static const char *const oakley_auth_name3[] = {
871 "XAUTHInitPreShared",
872 "XAUTHRespPreShared",
873 "XAUTHInitDSS",
874 "XAUTHRespDSS",
875 "XAUTHInitRSA",
876 "XAUTHRespRSA",
877 "XAUTHInitRSAEncryption",
878 "XAUTHRespRSAEncryption",
879 "XAUTHInitRSARevisedEncryption",
880 "XAUTHRespRSARevisedEncryption",
881 };
882
883 static enum_names oakley_auth_names1 =
884 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
885 , oakley_auth_name1, NULL };
886
887 static enum_names oakley_auth_names2 =
888 { HybridInitRSA, HybridRespDSS
889 , oakley_auth_name2, &oakley_auth_names1 };
890
891 enum_names oakley_auth_names =
892 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
893 , oakley_auth_name3, &oakley_auth_names2 };
894
895 /* Oakley Group Description attribute */
896
897 static const char *const oakley_group_name[] = {
898 "OAKLEY_GROUP_MODP768",
899 "OAKLEY_GROUP_MODP1024",
900 "OAKLEY_GROUP_GP155",
901 "OAKLEY_GROUP_GP185",
902 "OAKLEY_GROUP_MODP1536",
903 };
904
905 static const char *const oakley_group_name_rfc3526[] = {
906 "OAKLEY_GROUP_MODP2048",
907 "OAKLEY_GROUP_MODP3072",
908 "OAKLEY_GROUP_MODP4096",
909 "OAKLEY_GROUP_MODP6144",
910 "OAKLEY_GROUP_MODP8192"
911 };
912 enum_names oakley_group_names_rfc3526 =
913 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
914 oakley_group_name_rfc3526, NULL };
915
916 enum_names oakley_group_names =
917 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
918 oakley_group_name, &oakley_group_names_rfc3526 };
919
920 /* Oakley Group Type attribute */
921
922 static const char *const oakley_group_type_name[] = {
923 "OAKLEY_GROUP_TYPE_MODP",
924 "OAKLEY_GROUP_TYPE_ECP",
925 "OAKLEY_GROUP_TYPE_EC2N",
926 };
927
928 enum_names oakley_group_type_names =
929 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
930
931 /* Notify messages -- error types */
932
933 static const char *const notification_name[] = {
934 "INVALID_PAYLOAD_TYPE",
935 "DOI_NOT_SUPPORTED",
936 "SITUATION_NOT_SUPPORTED",
937 "INVALID_COOKIE",
938 "INVALID_MAJOR_VERSION",
939 "INVALID_MINOR_VERSION",
940 "INVALID_EXCHANGE_TYPE",
941 "INVALID_FLAGS",
942 "INVALID_MESSAGE_ID",
943 "INVALID_PROTOCOL_ID",
944 "INVALID_SPI",
945 "INVALID_TRANSFORM_ID",
946 "ATTRIBUTES_NOT_SUPPORTED",
947 "NO_PROPOSAL_CHOSEN",
948 "BAD_PROPOSAL_SYNTAX",
949 "PAYLOAD_MALFORMED",
950 "INVALID_KEY_INFORMATION",
951 "INVALID_ID_INFORMATION",
952 "INVALID_CERT_ENCODING",
953 "INVALID_CERTIFICATE",
954 "CERT_TYPE_UNSUPPORTED",
955 "INVALID_CERT_AUTHORITY",
956 "INVALID_HASH_INFORMATION",
957 "AUTHENTICATION_FAILED",
958 "INVALID_SIGNATURE",
959 "ADDRESS_NOTIFICATION",
960 "NOTIFY_SA_LIFETIME",
961 "CERTIFICATE_UNAVAILABLE",
962 "UNSUPPORTED_EXCHANGE_TYPE",
963 "UNEQUAL_PAYLOAD_LENGTHS",
964 };
965
966 static const char *const notification_status_name[] = {
967 "CONNECTED",
968 };
969
970 static const char *const ipsec_notification_name[] = {
971 "IPSEC_RESPONDER_LIFETIME",
972 "IPSEC_REPLAY_STATUS",
973 "IPSEC_INITIAL_CONTACT",
974 };
975
976 static const char *const notification_dpd_name[] = {
977 "R_U_THERE",
978 "R_U_THERE_ACK",
979 };
980
981 enum_names notification_dpd_names =
982 { R_U_THERE, R_U_THERE_ACK,
983 notification_dpd_name, NULL };
984
985 enum_names ipsec_notification_names =
986 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
987 ipsec_notification_name, &notification_dpd_names };
988
989 enum_names notification_status_names =
990 { CONNECTED, CONNECTED,
991 notification_status_name, &ipsec_notification_names };
992
993 enum_names notification_names =
994 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
995 notification_name, &notification_status_names };
996
997 /* MODECFG
998 * From draft-dukes-ike-mode-cfg
999 */
1000 const char *const attr_msg_type_name[] = {
1001 "ISAKMP_CFG_RESERVED",
1002 "ISAKMP_CFG_REQUEST",
1003 "ISAKMP_CFG_REPLY",
1004 "ISAKMP_CFG_SET",
1005 "ISAKMP_CFG_ACK",
1006 NULL
1007 };
1008
1009 enum_names attr_msg_type_names =
1010 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1011
1012 /* socket address family info */
1013
1014 static const char *const af_inet_name[] = {
1015 "AF_INET",
1016 };
1017
1018 static const char *const af_inet6_name[] = {
1019 "AF_INET6",
1020 };
1021
1022 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1023
1024 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1025
1026 static ip_address ipv4_any, ipv6_any;
1027 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1028 static ip_subnet ipv4_all, ipv6_all;
1029
1030 const struct af_info af_inet4_info = {
1031 AF_INET,
1032 "AF_INET",
1033 sizeof(struct in_addr),
1034 sizeof(struct sockaddr_in),
1035 32,
1036 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1037 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1038 };
1039
1040 const struct af_info af_inet6_info = {
1041 AF_INET6,
1042 "AF_INET6",
1043 sizeof(struct in6_addr),
1044 sizeof(struct sockaddr_in6),
1045 128,
1046 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1047 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1048 };
1049
1050 const struct af_info *
1051 aftoinfo(int af)
1052 {
1053 switch (af)
1054 {
1055 case AF_INET:
1056 return &af_inet4_info;
1057 case AF_INET6:
1058 return &af_inet6_info;
1059 default:
1060 return NULL;
1061 }
1062 }
1063
1064 bool
1065 subnetisnone(const ip_subnet *sn)
1066 {
1067 ip_address base;
1068
1069 networkof(sn, &base);
1070 return isanyaddr(&base) && subnetishost(sn);
1071 }
1072
1073 /* BIND enumerated types */
1074
1075 #include <arpa/nameser.h>
1076
1077 static const char *const rr_type_name[] = {
1078 "T_A", /* 1 host address */
1079 "T_NS", /* 2 authoritative server */
1080 "T_MD", /* 3 mail destination */
1081 "T_MF", /* 4 mail forwarder */
1082 "T_CNAME", /* 5 canonical name */
1083 "T_SOA", /* 6 start of authority zone */
1084 "T_MB", /* 7 mailbox domain name */
1085 "T_MG", /* 8 mail group member */
1086 "T_MR", /* 9 mail rename name */
1087 "T_NULL", /* 10 null resource record */
1088 "T_WKS", /* 11 well known service */
1089 "T_PTR", /* 12 domain name pointer */
1090 "T_HINFO", /* 13 host information */
1091 "T_MINFO", /* 14 mailbox information */
1092 "T_MX", /* 15 mail routing information */
1093 "T_TXT", /* 16 text strings */
1094 "T_RP", /* 17 responsible person */
1095 "T_AFSDB", /* 18 AFS cell database */
1096 "T_X25", /* 19 X_25 calling address */
1097 "T_ISDN", /* 20 ISDN calling address */
1098 "T_RT", /* 21 router */
1099 "T_NSAP", /* 22 NSAP address */
1100 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1101 "T_SIG", /* 24 security signature */
1102 "T_KEY", /* 25 security key */
1103 "T_PX", /* 26 X.400 mail mapping */
1104 "T_GPOS", /* 27 geographical position (withdrawn) */
1105 "T_AAAA", /* 28 IP6 Address */
1106 "T_LOC", /* 29 Location Information */
1107 "T_NXT", /* 30 Next Valid Name in Zone */
1108 "T_EID", /* 31 Endpoint identifier */
1109 "T_NIMLOC", /* 32 Nimrod locator */
1110 "T_SRV", /* 33 Server selection */
1111 "T_ATMA", /* 34 ATM Address */
1112 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1113 NULL
1114 };
1115
1116 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1117
1118 /* Query type values which do not appear in resource records */
1119 static const char *const rr_qtype_name[] = {
1120 "T_IXFR", /* 251 incremental zone transfer */
1121 "T_AXFR", /* 252 transfer zone of authority */
1122 "T_MAILB", /* 253 transfer mailbox records */
1123 "T_MAILA", /* 254 transfer mail agent records */
1124 "T_ANY", /* 255 wildcard match */
1125 NULL
1126 };
1127
1128 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1129
1130 static const char *const rr_class_name[] = {
1131 "C_IN", /* 1 the arpa internet */
1132 NULL
1133 };
1134
1135 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1136
1137 /*
1138 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1139 *
1140 */
1141 const char *const natt_type_bitnames[] = {
1142 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1143 "draft-ietf-ipsec-nat-t-ike-02/03",
1144 "RFC 3947",
1145 "3", /* 3 */
1146 "4", "5", "6", "7",
1147 "8", "9", "10", "11",
1148 "12", "13", "14", "15",
1149 "16", "17", "18", "19",
1150 "20", "21", "22", "23",
1151 "24", "25", "26", "27",
1152 "28", "29",
1153 "nat is behind me",
1154 "nat is behind peer"
1155 };
1156
1157 /* look up enum names in an enum_names */
1158
1159 const char *
1160 enum_name(enum_names *ed, unsigned long val)
1161 {
1162 enum_names *p;
1163
1164 for (p = ed; p != NULL; p = p->en_next_range)
1165 {
1166 if (p->en_first <= val && val <= p->en_last)
1167 return p->en_names[val - p->en_first];
1168 }
1169 return NULL;
1170 }
1171
1172 /* find or construct a string to describe an enum value
1173 * Result may be in STATIC buffer!
1174 */
1175 const char *
1176 enum_show(enum_names *ed, unsigned long val)
1177 {
1178 const char *p = enum_name(ed, val);
1179
1180 if (p == NULL)
1181 {
1182 static char buf[12]; /* only one! I hope that it is big enough */
1183
1184 snprintf(buf, sizeof(buf), "%lu??", val);
1185 p = buf;
1186 }
1187 return p;
1188 }
1189
1190
1191 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1192
1193 int
1194 enum_search(enum_names *ed, const char *str)
1195 {
1196 enum_names *p;
1197 const char *ptr;
1198 unsigned en;
1199
1200 for (p = ed; p != NULL; p = p->en_next_range)
1201 for (en = p->en_first; en <= p->en_last ;en++)
1202 {
1203 ptr = p->en_names[en - p->en_first];
1204 if (ptr == 0) continue;
1205 /* if (strncmp(ptr, str, strlen(ptr))==0) */
1206 if (strcmp(ptr, str) == 0)
1207 return en;
1208 }
1209 return -1;
1210 }
1211
1212 /* construct a string to name the bits on in a set
1213 * Result may be in STATIC buffer!
1214 * Note: prettypolicy depends on internal details.
1215 */
1216 const char *
1217 bitnamesof(const char *const table[], lset_t val)
1218 {
1219 char *p = bitnamesbuf;
1220 lset_t bit;
1221 const char *const *tp;
1222
1223 if (val == 0)
1224 return "none";
1225
1226 for (tp = table, bit = 01; val != 0; bit <<= 1)
1227 {
1228 if (val & bit)
1229 {
1230 const char *n = *tp;
1231 size_t nl;
1232
1233 if (n == NULL || *n == '\0')
1234 {
1235 /* no name for this bit, so use hex */
1236 static char flagbuf[sizeof("0x80000000")];
1237
1238 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1239 n = flagbuf;
1240 }
1241
1242 nl = strlen(n);
1243
1244 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1245 *p++ = '+';
1246
1247 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1248 {
1249 strcpy(p, n);
1250 p += nl;
1251 }
1252 val -= bit;
1253 }
1254 if (*tp != NULL)
1255 tp++; /* move on, but not past end */
1256 }
1257 *p = '\0';
1258 return bitnamesbuf;
1259 }
1260
1261 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1262 * Suppress the shunt and fail fields if 0.
1263 */
1264 const char *
1265 prettypolicy(lset_t policy)
1266 {
1267 const char *bn = bitnamesof(sa_policy_bit_names
1268 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1269 size_t len;
1270 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1271 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1272
1273 if (bn != bitnamesbuf)
1274 bitnamesbuf[0] = '\0';
1275 len = strlen(bitnamesbuf);
1276 if (shunt != 0)
1277 {
1278 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1279 , policy_shunt_names[shunt]);
1280 len += strlen(bitnamesbuf + len);
1281 }
1282 if (fail != 0)
1283 {
1284 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1285 , policy_fail_names[fail]);
1286 len += strlen(bitnamesbuf + len);
1287 }
1288 if (NEVER_NEGOTIATE(policy))
1289 {
1290 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1291 len += strlen(bitnamesbuf + len);
1292 }
1293 return bitnamesbuf;
1294 }
1295
1296 /* test a set by seeing if all bits have names */
1297
1298 bool
1299 testset(const char *const table[], lset_t val)
1300 {
1301 lset_t bit;
1302 const char *const *tp;
1303
1304 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1305 {
1306 const char *n = *tp;
1307
1308 if (n == NULL || ((val & bit) && *n == '\0'))
1309 return FALSE;
1310 val &= ~bit;
1311 }
1312 return TRUE;
1313 }
1314
1315
1316 const char sparse_end[] = "end of sparse names";
1317
1318 /* look up enum names in a sparse_names */
1319 const char *sparse_name(sparse_names sd, unsigned long val)
1320 {
1321 const struct sparse_name *p;
1322
1323 for (p = sd; p->name != sparse_end; p++)
1324 if (p->val == val)
1325 return p->name;
1326 return NULL;
1327 }
1328
1329 /* find or construct a string to describe an sparse value
1330 * Result may be in STATIC buffer!
1331 */
1332 const char *
1333 sparse_val_show(sparse_names sd, unsigned long val)
1334 {
1335 const char *p = sparse_name(sd, val);
1336
1337 if (p == NULL)
1338 {
1339 static char buf[12]; /* only one! I hope that it is big enough */
1340
1341 snprintf(buf, sizeof(buf), "%lu??", val);
1342 p = buf;
1343 }
1344 return p;
1345 }
1346
1347 void init_constants(void)
1348 {
1349 happy(anyaddr(AF_INET, &ipv4_any));
1350 happy(anyaddr(AF_INET6, &ipv6_any));
1351
1352 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1353 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1354
1355 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1356 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1357 }