use the Diffie-Hellman functionality of libstrongswan
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Note that the array sizes are all specified; this is to enable range
18 * checking by code that only includes constants.h.
19 */
20
21 #include <stddef.h>
22 #include <string.h>
23 #include <stdio.h>
24 #include <netinet/in.h>
25
26 #include <freeswan.h>
27 #include <ipsec_policy.h>
28
29 #include "constants.h"
30 #include "defs.h"
31 #include "log.h"
32 #include "packet.h"
33
34 /* string naming compile-time options that have interop implications */
35
36 const char compile_time_interop_options[] = ""
37 #ifdef THREADS
38 " THREADS"
39 #endif
40 #ifdef SMARTCARD
41 " SMARTCARD"
42 #endif
43 #ifdef VENDORID
44 " VENDORID"
45 #endif
46 #ifdef CISCO_QUIRKS
47 " CISCO_QUIRKS"
48 #endif
49 #ifdef USE_KEYRR
50 " KEYRR"
51 #endif
52 ;
53
54 /* version */
55
56 static const char *const version_name[] = {
57 "ISAKMP Version 1.0",
58 };
59
60 enum_names version_names =
61 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
62 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
63 version_name, NULL };
64
65 /* RFC 2459 CRL reason codes */
66
67 ENUM(crl_reason_names, REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL,
68 "unspecified",
69 "key compromise",
70 "ca compromise",
71 "affiliation changed",
72 "superseded",
73 "cessation of operation",
74 "certificate hold",
75 "reason #7",
76 "remove from crl"
77 );
78
79 /* RFC 3706 Dead Peer Detection */
80
81 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
82 "none",
83 "clear",
84 "hold",
85 "restart"
86 );
87
88 /* Timer events */
89
90 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
91 "EVENT_NULL",
92 "EVENT_REINIT_SECRET",
93 "EVENT_SHUNT_SCAN",
94 "EVENT_SO_DISCARD",
95 "EVENT_RETRANSMIT",
96 "EVENT_SA_REPLACE",
97 "EVENT_SA_REPLACE_IF_USED",
98 "EVENT_SA_EXPIRE",
99 "EVENT_NAT_T_KEEPALIVE",
100 "EVENT_DPD",
101 "EVENT_DPD_TIMEOUT",
102 "EVENT_LOG_DAILY"
103 );
104
105 /* Domain of Interpretation */
106
107 static const char *const doi_name[] = {
108 "ISAKMP_DOI_ISAKMP",
109 "ISAKMP_DOI_IPSEC",
110 };
111
112 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
113
114 /* debugging settings: a set of selections for reporting
115 * These would be more naturally situated in log.h,
116 * but they are shared with whack.
117 * It turns out that "debug-" is clutter in all contexts this is used,
118 * so we leave it off.
119 */
120 #ifdef DEBUG
121 const char *const debug_bit_names[] = {
122 "raw",
123 "crypt",
124 "parsing",
125 "emitting",
126 "control",
127 "lifecycle",
128 "klips",
129 "dns",
130 "natt",
131 "oppo",
132 "controlmore",
133
134 "private",
135
136 "impair-delay-adns-key-answer",
137 "impair-delay-adns-txt-answer",
138 "impair-bust-mi2",
139 "impair-bust-mr2",
140
141 NULL
142 };
143 #endif
144
145 /* State of exchanges */
146
147 static const char *const state_name[] = {
148 "STATE_MAIN_R0",
149 "STATE_MAIN_I1",
150 "STATE_MAIN_R1",
151 "STATE_MAIN_I2",
152 "STATE_MAIN_R2",
153 "STATE_MAIN_I3",
154 "STATE_MAIN_R3",
155 "STATE_MAIN_I4",
156
157 "STATE_QUICK_R0",
158 "STATE_QUICK_I1",
159 "STATE_QUICK_R1",
160 "STATE_QUICK_I2",
161 "STATE_QUICK_R2",
162
163 "STATE_INFO",
164 "STATE_INFO_PROTECTED",
165
166 "STATE_XAUTH_I0",
167 "STATE_XAUTH_R1",
168 "STATE_XAUTH_I1",
169 "STATE_XAUTH_R2",
170 "STATE_XAUTH_I2",
171 "STATE_XAUTH_R3",
172
173 "STATE_MODE_CFG_R0",
174 "STATE_MODE_CFG_I1",
175 "STATE_MODE_CFG_R1",
176 "STATE_MODE_CFG_I2",
177
178 "STATE_MODE_CFG_I0",
179 "STATE_MODE_CFG_R3",
180 "STATE_MODE_CFG_I3",
181 "STATE_MODE_CFG_R4",
182
183 "STATE_IKE_ROOF"
184 };
185
186 enum_names state_names =
187 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
188
189 /* story for state */
190
191 const char *const state_story[] = {
192 "expecting MI1", /* STATE_MAIN_R0 */
193 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
194 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
195 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
196 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
197 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
198 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
199 "ISAKMP SA established", /* STATE_MAIN_I4 */
200
201 "expecting QI1", /* STATE_QUICK_R0 */
202 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
203 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
204 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
205 "IPsec SA established", /* STATE_QUICK_R2 */
206
207 "got Informational Message in clear", /* STATE_INFO */
208 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
209
210 "expecting XAUTH request", /* STATE_XAUTH_I0 */
211 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
212 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
213 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
214 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
215 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
216
217 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
218 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
219 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
220 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
221
222 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
223 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
224 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
225 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
226 };
227
228 /* kind of struct connection */
229
230 static const char *const connection_kind_name[] = {
231 "CK_GROUP", /* policy group: instantiates to template */
232 "CK_TEMPLATE", /* abstract connection, with wildcard */
233 "CK_PERMANENT", /* normal connection */
234 "CK_INSTANCE", /* instance of template, created for a particular attempt */
235 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
236 };
237
238 enum_names connection_kind_names =
239 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
240
241 /* routing status names */
242
243 static const char *const routing_story_strings[] = {
244 "unrouted", /* RT_UNROUTED: unrouted */
245 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
246 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
247 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
248 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
249 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
250 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
251 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
252 };
253
254 enum_names routing_story =
255 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
256
257 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
258
259 const char *const payload_name[] = {
260 "ISAKMP_NEXT_NONE",
261 "ISAKMP_NEXT_SA",
262 "ISAKMP_NEXT_P",
263 "ISAKMP_NEXT_T",
264 "ISAKMP_NEXT_KE",
265 "ISAKMP_NEXT_ID",
266 "ISAKMP_NEXT_CERT",
267 "ISAKMP_NEXT_CR",
268 "ISAKMP_NEXT_HASH",
269 "ISAKMP_NEXT_SIG",
270 "ISAKMP_NEXT_NONCE",
271 "ISAKMP_NEXT_N",
272 "ISAKMP_NEXT_D",
273 "ISAKMP_NEXT_VID",
274 "ISAKMP_NEXT_MODECFG",
275 "ISAKMP_NEXT_15",
276 "ISAKMP_NEXT_16",
277 "ISAKMP_NEXT_17",
278 "ISAKMP_NEXT_18",
279 "ISAKMP_NEXT_19",
280 "ISAKMP_NEXT_NAT-D",
281 "ISAKMP_NEXT_NAT-OA",
282 NULL
283 };
284
285 const char *const payload_name_nat_d[] = {
286 "ISAKMP_NEXT_NAT-D",
287 "ISAKMP_NEXT_NAT-OA", NULL
288 };
289
290 static enum_names payload_names_nat_d =
291 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
292
293 enum_names payload_names =
294 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
295
296 /* Exchange types (note: two discontinuous ranges) */
297
298 static const char *const exchange_name[] = {
299 "ISAKMP_XCHG_NONE",
300 "ISAKMP_XCHG_BASE",
301 "ISAKMP_XCHG_IDPROT",
302 "ISAKMP_XCHG_AO",
303 "ISAKMP_XCHG_AGGR",
304 "ISAKMP_XCHG_INFO",
305 "ISAKMP_XCHG_MODE_CFG",
306 };
307
308 static const char *const exchange_name2[] = {
309 "ISAKMP_XCHG_QUICK",
310 "ISAKMP_XCHG_NGRP",
311 "ISAKMP_XCHG_ACK_INFO",
312 };
313
314 static enum_names exchange_desc2 =
315 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
316
317 enum_names exchange_names =
318 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
319
320 /* Flag BITS */
321 const char *const flag_bit_names[] = {
322 "ISAKMP_FLAG_ENCRYPTION",
323 "ISAKMP_FLAG_COMMIT",
324 NULL
325 };
326
327 /* Situation BITS definition for IPsec DOI */
328
329 const char *const sit_bit_names[] = {
330 "SIT_IDENTITY_ONLY",
331 "SIT_SECRECY",
332 "SIT_INTEGRITY",
333 NULL
334 };
335
336 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
337
338 static const char *const protocol_name[] = {
339 "PROTO_ISAKMP",
340 "PROTO_IPSEC_AH",
341 "PROTO_IPSEC_ESP",
342 "PROTO_IPCOMP",
343 };
344
345 enum_names protocol_names =
346 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
347
348 /* IPsec ISAKMP transform values */
349
350 static const char *const isakmp_transform_name[] = {
351 "KEY_IKE",
352 };
353
354 enum_names isakmp_transformid_names =
355 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
356
357 /* IPsec AH transform values */
358
359 static const char *const ah_transform_name[] = {
360 "HMAC_MD5",
361 "HMAC_SHA1",
362 "DES_MAC",
363 "HMAC_SHA2_256",
364 "HMAC_SHA2_384",
365 "HMAC_SHA2_512",
366 "HMAC_RIPEMD",
367 "AES_XCBC_96",
368 "SIG_RSA"
369 };
370
371 enum_names ah_transformid_names =
372 { AH_MD5, AH_RSA, ah_transform_name, NULL };
373
374 /* IPsec ESP transform values */
375
376 static const char *const esp_transform_name[] = {
377 "DES_IV64",
378 "DES_CBC",
379 "3DES_CBC",
380 "RC5_CBC",
381 "IDEA_CBC",
382 "CAST_CBC",
383 "BLOWFISH_CBC",
384 "3IDEA",
385 "DES_IV32",
386 "RC4",
387 "NULL",
388 "AES_CBC",
389 "AES_CTR",
390 "AES_CCM_8",
391 "AES_CCM_12",
392 "AES_CCM_16",
393 "UNASSIGNED_17",
394 "AES_GCM_8",
395 "AES_GCM_12",
396 "AES_GCM_16",
397 "SEED_CBC",
398 "CAMELLIA_CBC"
399 };
400
401 static const char *const esp_transform_name_high[] = {
402 "SERPENT_CBC",
403 "TWOFISH_CBC"
404 };
405
406 enum_names esp_transformid_names_high =
407 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
408
409 enum_names esp_transformid_names =
410 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
411
412 /* IPCOMP transform values */
413
414 static const char *const ipcomp_transform_name[] = {
415 "IPCOMP_OUI",
416 "IPCOMP_DEFLAT",
417 "IPCOMP_LZS",
418 "IPCOMP_LZJH",
419 };
420
421 enum_names ipcomp_transformid_names =
422 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
423
424 /* Identification type values */
425
426 static const char *const ident_name[] = {
427 "ID_IPV4_ADDR",
428 "ID_FQDN",
429 "ID_USER_FQDN",
430 "ID_IPV4_ADDR_SUBNET",
431 "ID_IPV6_ADDR",
432 "ID_IPV6_ADDR_SUBNET",
433 "ID_IPV4_ADDR_RANGE",
434 "ID_IPV6_ADDR_RANGE",
435 "ID_DER_ASN1_DN",
436 "ID_DER_ASN1_GN",
437 "ID_KEY_ID",
438 };
439
440 enum_names ident_names =
441 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
442
443 /* Certificate type values */
444
445 static const char *const cert_type_name[] = {
446 "CERT_NONE",
447 "CERT_PKCS7_WRAPPED_X509",
448 "CERT_PGP",
449 "CERT_DNS_SIGNED_KEY",
450 "CERT_X509_SIGNATURE",
451 "CERT_X509_KEY_EXCHANGE",
452 "CERT_KERBEROS_TOKENS",
453 "CERT_CRL",
454 "CERT_ARL",
455 "CERT_SPKI",
456 "CERT_X509_ATTRIBUTE",
457 };
458
459 enum_names cert_type_names =
460 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
461
462 /* Certificate policy names */
463
464 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
465 "ALWAYS_SEND",
466 "SEND_IF_ASKED",
467 "NEVER_SEND",
468 );
469
470 /* Goal BITs for establishing an SA
471 * Note: we drop the POLICY_ prefix so that logs are more concise.
472 */
473
474 const char *const sa_policy_bit_names[] = {
475 "PSK",
476 "RSASIG",
477 "ENCRYPT",
478 "AUTHENTICATE",
479 "COMPRESS",
480 "TUNNEL",
481 "PFS",
482 "DISABLEARRIVALCHECK",
483 "SHUNT0",
484 "SHUNT1",
485 "FAILSHUNT0",
486 "FAILSHUNT1",
487 "DONTREKEY",
488 "OPPORTUNISTIC",
489 "GROUP",
490 "GROUTED",
491 "UP",
492 "MODECFGPUSH",
493 "XAUTHPSK",
494 "XAUTHRSASIG",
495 "XAUTHSERVER",
496 "DONTREAUTH",
497 "BEET",
498 "MOBIKE",
499 "ECDSA",
500 "PROXY",
501 NULL
502 };
503
504 const char *const policy_shunt_names[4] = {
505 "TRAP",
506 "PASS",
507 "DROP",
508 "REJECT",
509 };
510
511 const char *const policy_fail_names[4] = {
512 "NONE",
513 "PASS",
514 "DROP",
515 "REJECT",
516 };
517
518 /* Oakley transform attributes
519 * oakley_attr_bit_names does double duty: it is used for enum names
520 * and bit names.
521 */
522
523 const char *const oakley_attr_bit_names[] = {
524 "OAKLEY_ENCRYPTION_ALGORITHM",
525 "OAKLEY_HASH_ALGORITHM",
526 "OAKLEY_AUTHENTICATION_METHOD",
527 "OAKLEY_GROUP_DESCRIPTION",
528 "OAKLEY_GROUP_TYPE",
529 "OAKLEY_GROUP_PRIME",
530 "OAKLEY_GROUP_GENERATOR_ONE",
531 "OAKLEY_GROUP_GENERATOR_TWO",
532 "OAKLEY_GROUP_CURVE_A",
533 "OAKLEY_GROUP_CURVE_B",
534 "OAKLEY_LIFE_TYPE",
535 "OAKLEY_LIFE_DURATION",
536 "OAKLEY_PRF",
537 "OAKLEY_KEY_LENGTH",
538 "OAKLEY_FIELD_SIZE",
539 "OAKLEY_GROUP_ORDER",
540 "OAKLEY_BLOCK_SIZE",
541 NULL
542 };
543
544 static const char *const oakley_var_attr_name[] = {
545 "OAKLEY_GROUP_PRIME (variable length)",
546 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
547 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
548 "OAKLEY_GROUP_CURVE_A (variable length)",
549 "OAKLEY_GROUP_CURVE_B (variable length)",
550 NULL,
551 "OAKLEY_LIFE_DURATION (variable length)",
552 NULL,
553 NULL,
554 NULL,
555 "OAKLEY_GROUP_ORDER (variable length)",
556 };
557
558 static enum_names oakley_attr_desc_tv = {
559 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
560 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
561
562 enum_names oakley_attr_names = {
563 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
564 oakley_var_attr_name, &oakley_attr_desc_tv };
565
566 /* for each Oakley attribute, which enum_names describes its values? */
567 enum_names *oakley_attr_val_descs[] = {
568 NULL, /* (none) */
569 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
570 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
571 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
572 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
573 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
574 NULL, /* OAKLEY_GROUP_PRIME */
575 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
576 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
577 NULL, /* OAKLEY_GROUP_CURVE_A */
578 NULL, /* OAKLEY_GROUP_CURVE_B */
579 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
580 NULL, /* OAKLEY_LIFE_DURATION */
581 &oakley_prf_names, /* OAKLEY_PRF */
582 NULL, /* OAKLEY_KEY_LENGTH */
583 NULL, /* OAKLEY_FIELD_SIZE */
584 NULL, /* OAKLEY_GROUP_ORDER */
585 };
586
587 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
588
589 static const char *const ipsec_attr_name[] = {
590 "SA_LIFE_TYPE",
591 "SA_LIFE_DURATION",
592 "GROUP_DESCRIPTION",
593 "ENCAPSULATION_MODE",
594 "AUTH_ALGORITHM",
595 "KEY_LENGTH",
596 "KEY_ROUNDS",
597 "COMPRESS_DICT_SIZE",
598 "COMPRESS_PRIVATE_ALG",
599 };
600
601 static const char *const ipsec_var_attr_name[] = {
602 "SA_LIFE_DURATION (variable length)",
603 NULL,
604 NULL,
605 NULL,
606 NULL,
607 NULL,
608 NULL,
609 "COMPRESS_PRIVATE_ALG (variable length)",
610 };
611
612 static enum_names ipsec_attr_desc_tv = {
613 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
614 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
615 ipsec_attr_name, NULL };
616
617 enum_names ipsec_attr_names = {
618 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
619 ipsec_var_attr_name, &ipsec_attr_desc_tv };
620
621 /* for each IPsec attribute, which enum_names describes its values? */
622 enum_names *ipsec_attr_val_descs[] = {
623 NULL, /* (none) */
624 &sa_lifetime_names, /* SA_LIFE_TYPE */
625 NULL, /* SA_LIFE_DURATION */
626 &oakley_group_names, /* GROUP_DESCRIPTION */
627 &enc_mode_names, /* ENCAPSULATION_MODE */
628 &auth_alg_names, /* AUTH_ALGORITHM */
629 NULL, /* KEY_LENGTH */
630 NULL, /* KEY_ROUNDS */
631 NULL, /* COMPRESS_DICT_SIZE */
632 NULL, /* COMPRESS_PRIVATE_ALG */
633 };
634
635 /* SA Lifetime Type attribute */
636
637 static const char *const sa_lifetime_name[] = {
638 "SA_LIFE_TYPE_SECONDS",
639 "SA_LIFE_TYPE_KBYTES",
640 };
641
642 enum_names sa_lifetime_names =
643 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
644
645 /* Encapsulation Mode attribute */
646
647 static const char *const enc_mode_name[] = {
648 "ENCAPSULATION_MODE_TUNNEL",
649 "ENCAPSULATION_MODE_TRANSPORT",
650 "ENCAPSULATION_MODE_UDP_TUNNEL",
651 "ENCAPSULATION_MODE_UDP_TRANSPORT",
652 };
653
654 static const char *const enc_udp_mode_name[] = {
655 "ENCAPSULATION_MODE_UDP_TUNNEL",
656 "ENCAPSULATION_MODE_UDP_TRANSPORT",
657 };
658
659 static enum_names enc_udp_mode_names =
660 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
661
662 enum_names enc_mode_names =
663 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
664
665 /* Auth Algorithm attribute */
666
667 static const char *const auth_alg_name[] = {
668 "HMAC_MD5",
669 "HMAC_SHA1",
670 "DES_MAC",
671 "KPDK",
672 "HMAC_SHA2_256",
673 "HMAC_SHA2_384",
674 "HMAC_SHA2_512",
675 "HMAC_RIPEMD",
676 "AES_XCBC_96",
677 "SIG_RSA"
678 };
679
680 static const char *const extended_auth_alg_name[] = {
681 "NULL"
682 };
683
684 enum_names extended_auth_alg_names =
685 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
686
687 enum_names auth_alg_names =
688 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
689 , &extended_auth_alg_names };
690
691 /* From draft-beaulieu-ike-xauth */
692 static const char *const xauth_type_name[] = {
693 "Generic",
694 "RADIUS-CHAP",
695 "OTP",
696 "S/KEY",
697 };
698
699 enum_names xauth_type_names =
700 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
701
702 /* From draft-beaulieu-ike-xauth */
703 static const char *const xauth_attr_tv_name[] = {
704 "XAUTH_TYPE",
705 NULL,
706 NULL,
707 NULL,
708 NULL,
709 NULL,
710 NULL,
711 "XAUTH_STATUS",
712 };
713
714 enum_names xauth_attr_tv_names = {
715 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
716 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
717
718 static const char *const unity_attr_name[] = {
719 "UNITY_BANNER",
720 "UNITY_SAVE_PASSWD",
721 "UNITY_DEF_DOMAIN",
722 "UNITY_SPLITDNS_NAME",
723 "UNITY_SPLIT_INCLUDE",
724 "UNITY_NATT_PORT",
725 "UNITY_LOCAL_LAN",
726 "UNITY_PFS",
727 "UNITY_FW_TYPE",
728 "UNITY_BACKUP_SERVERS",
729 "UNITY_DDNS_HOSTNAME",
730 };
731
732 enum_names unity_attr_names =
733 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
734
735 static const char *const microsoft_attr_name[] = {
736 "INTERNAL_IP4_SERVER",
737 "INTERNAL_IP6_SERVER",
738 };
739
740 enum_names microsoft_attr_names =
741 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
742
743 static const char *const xauth_attr_name[] = {
744 "XAUTH_USER_NAME",
745 "XAUTH_USER_PASSWORD",
746 "XAUTH_PASSCODE",
747 "XAUTH_MESSAGE",
748 "XAUTH_CHALLENGE",
749 "XAUTH_DOMAIN",
750 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
751 "XAUTH_NEXT_PIN",
752 "XAUTH_ANSWER",
753 };
754
755 enum_names xauth_attr_names =
756 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
757
758 static const char *const modecfg_attr_name[] = {
759 "INTERNAL_IP4_ADDRESS",
760 "INTERNAL_IP4_NETMASK",
761 "INTERNAL_IP4_DNS",
762 "INTERNAL_IP4_NBNS",
763 "INTERNAL_ADDRESS_EXPIRY",
764 "INTERNAL_IP4_DHCP",
765 "APPLICATION_VERSION",
766 "INTERNAL_IP6_ADDRESS",
767 "INTERNAL_IP6_NETMASK",
768 "INTERNAL_IP6_DNS",
769 "INTERNAL_IP6_NBNS",
770 "INTERNAL_IP6_DHCP",
771 "INTERNAL_IP4_SUBNET",
772 "SUPPORTED_ATTRIBUTES",
773 "INTERNAL_IP6_SUBNET",
774 };
775
776 enum_names modecfg_attr_names =
777 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
778
779 /* Oakley Lifetime Type attribute */
780
781 static const char *const oakley_lifetime_name[] = {
782 "OAKLEY_LIFE_SECONDS",
783 "OAKLEY_LIFE_KILOBYTES",
784 };
785
786 enum_names oakley_lifetime_names =
787 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
788
789 /* Oakley PRF attribute (none defined) */
790
791 enum_names oakley_prf_names =
792 { 1, 0, NULL, NULL };
793
794 /* Oakley Encryption Algorithm attribute */
795
796 static const char *const oakley_enc_name[] = {
797 "DES_CBC",
798 "IDEA_CBC",
799 "BLOWFISH_CBC",
800 "RC5_R16_B64_CBC",
801 "3DES_CBC",
802 "CAST_CBC",
803 "AES_CBC",
804 "CAMELLIA_CBC"
805 };
806
807 #ifdef NO_EXTRA_IKE
808 enum_names oakley_enc_names =
809 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
810 #else
811 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
812 "MARS_CBC" /* 65001 */,
813 "RC6_CBC" /* 65002 */,
814 "ID_65003" /* 65003 */,
815 "SERPENT_CBC" /* 65004 */,
816 "TWOFISH_CBC" /* 65005 */,
817 };
818
819 static const char *const oakley_enc_name_ssh[] = {
820 "TWOFISH_CBC_SSH",
821 };
822
823 enum_names oakley_enc_names_ssh =
824 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
825 , NULL };
826
827 enum_names oakley_enc_names_draft_aes_cbc_02 =
828 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
829 , &oakley_enc_names_ssh };
830
831 enum_names oakley_enc_names =
832 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
833 , &oakley_enc_names_draft_aes_cbc_02 };
834 #endif
835
836 /* Oakley Hash Algorithm attribute */
837
838 static const char *const oakley_hash_name[] = {
839 "HMAC_MD5",
840 "HMAC_SHA1",
841 "HMAC_TIGER",
842 "HMAC_SHA2_256",
843 "HMAC_SHA2_384",
844 "HMAC_SHA2_512",
845 };
846
847 enum_names oakley_hash_names =
848 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
849
850 /* Oakley Authentication Method attribute */
851
852 static const char *const oakley_auth_name1[] = {
853 "OAKLEY_PRESHARED_KEY",
854 "OAKLEY_DSS_SIG",
855 "OAKLEY_RSA_SIG",
856 "OAKLEY_RSA_ENC",
857 "OAKLEY_RSA_ENC_REV",
858 "OAKLEY_ELGAMAL_ENC",
859 "OAKLEY_ELGAMAL_ENC_REV",
860 };
861
862 static const char *const oakley_auth_name2[] = {
863 "HybridInitRSA",
864 "HybridRespRSA",
865 "HybridInitDSS",
866 "HybridRespDSS",
867 };
868
869 static const char *const oakley_auth_name3[] = {
870 "XAUTHInitPreShared",
871 "XAUTHRespPreShared",
872 "XAUTHInitDSS",
873 "XAUTHRespDSS",
874 "XAUTHInitRSA",
875 "XAUTHRespRSA",
876 "XAUTHInitRSAEncryption",
877 "XAUTHRespRSAEncryption",
878 "XAUTHInitRSARevisedEncryption",
879 "XAUTHRespRSARevisedEncryption",
880 };
881
882 static enum_names oakley_auth_names1 =
883 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
884 , oakley_auth_name1, NULL };
885
886 static enum_names oakley_auth_names2 =
887 { HybridInitRSA, HybridRespDSS
888 , oakley_auth_name2, &oakley_auth_names1 };
889
890 enum_names oakley_auth_names =
891 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
892 , oakley_auth_name3, &oakley_auth_names2 };
893
894 /* Oakley Group Description attribute */
895
896 static const char *const oakley_group_name[] = {
897 "MODP_768",
898 "MODP_1024",
899 "GP_155",
900 "GP_185",
901 "MODP_1536",
902 };
903
904 static const char *const oakley_group_name_rfc3526[] = {
905 "MODP_2048",
906 "MODP_3072",
907 "MODP_4096",
908 "MODP_6144",
909 "MODP_8192"
910 };
911
912 static const char *const oakley_group_name_rfc4753[] = {
913 "ECP_256",
914 "ECP_384",
915 "ECP_521"
916 };
917
918 static const char *const oakley_group_name_rfc5114[] = {
919 "ECP_192",
920 "ECP_224"
921 };
922
923 enum_names oakley_group_names_rfc5114 =
924 { ECP_192_BIT, ECP_224_BIT,
925 oakley_group_name_rfc5114, NULL };
926
927 enum_names oakley_group_names_rfc4753 =
928 { ECP_256_BIT, ECP_521_BIT,
929 oakley_group_name_rfc4753, &oakley_group_names_rfc5114 };
930
931 enum_names oakley_group_names_rfc3526 =
932 { MODP_2048_BIT, MODP_8192_BIT,
933 oakley_group_name_rfc3526, &oakley_group_names_rfc4753 };
934
935 enum_names oakley_group_names =
936 { MODP_768_BIT, MODP_1536_BIT,
937 oakley_group_name, &oakley_group_names_rfc3526 };
938
939 /* Oakley Group Type attribute */
940
941 static const char *const oakley_group_type_name[] = {
942 "OAKLEY_GROUP_TYPE_MODP",
943 "OAKLEY_GROUP_TYPE_ECP",
944 "OAKLEY_GROUP_TYPE_EC2N",
945 };
946
947 enum_names oakley_group_type_names =
948 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
949
950 /* Notify messages -- error types */
951
952 static const char *const notification_name[] = {
953 "INVALID_PAYLOAD_TYPE",
954 "DOI_NOT_SUPPORTED",
955 "SITUATION_NOT_SUPPORTED",
956 "INVALID_COOKIE",
957 "INVALID_MAJOR_VERSION",
958 "INVALID_MINOR_VERSION",
959 "INVALID_EXCHANGE_TYPE",
960 "INVALID_FLAGS",
961 "INVALID_MESSAGE_ID",
962 "INVALID_PROTOCOL_ID",
963 "INVALID_SPI",
964 "INVALID_TRANSFORM_ID",
965 "ATTRIBUTES_NOT_SUPPORTED",
966 "NO_PROPOSAL_CHOSEN",
967 "BAD_PROPOSAL_SYNTAX",
968 "PAYLOAD_MALFORMED",
969 "INVALID_KEY_INFORMATION",
970 "INVALID_ID_INFORMATION",
971 "INVALID_CERT_ENCODING",
972 "INVALID_CERTIFICATE",
973 "CERT_TYPE_UNSUPPORTED",
974 "INVALID_CERT_AUTHORITY",
975 "INVALID_HASH_INFORMATION",
976 "AUTHENTICATION_FAILED",
977 "INVALID_SIGNATURE",
978 "ADDRESS_NOTIFICATION",
979 "NOTIFY_SA_LIFETIME",
980 "CERTIFICATE_UNAVAILABLE",
981 "UNSUPPORTED_EXCHANGE_TYPE",
982 "UNEQUAL_PAYLOAD_LENGTHS",
983 };
984
985 static const char *const notification_status_name[] = {
986 "CONNECTED",
987 };
988
989 static const char *const ipsec_notification_name[] = {
990 "IPSEC_RESPONDER_LIFETIME",
991 "IPSEC_REPLAY_STATUS",
992 "IPSEC_INITIAL_CONTACT",
993 };
994
995 static const char *const notification_dpd_name[] = {
996 "R_U_THERE",
997 "R_U_THERE_ACK",
998 };
999
1000 enum_names notification_dpd_names =
1001 { R_U_THERE, R_U_THERE_ACK,
1002 notification_dpd_name, NULL };
1003
1004 enum_names ipsec_notification_names =
1005 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
1006 ipsec_notification_name, &notification_dpd_names };
1007
1008 enum_names notification_status_names =
1009 { CONNECTED, CONNECTED,
1010 notification_status_name, &ipsec_notification_names };
1011
1012 enum_names notification_names =
1013 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
1014 notification_name, &notification_status_names };
1015
1016 /* MODECFG
1017 * From draft-dukes-ike-mode-cfg
1018 */
1019 const char *const attr_msg_type_name[] = {
1020 "ISAKMP_CFG_RESERVED",
1021 "ISAKMP_CFG_REQUEST",
1022 "ISAKMP_CFG_REPLY",
1023 "ISAKMP_CFG_SET",
1024 "ISAKMP_CFG_ACK",
1025 NULL
1026 };
1027
1028 enum_names attr_msg_type_names =
1029 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1030
1031 /* socket address family info */
1032
1033 static const char *const af_inet_name[] = {
1034 "AF_INET",
1035 };
1036
1037 static const char *const af_inet6_name[] = {
1038 "AF_INET6",
1039 };
1040
1041 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1042
1043 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1044
1045 static ip_address ipv4_any, ipv6_any;
1046 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1047 static ip_subnet ipv4_all, ipv6_all;
1048
1049 const struct af_info af_inet4_info = {
1050 AF_INET,
1051 "AF_INET",
1052 sizeof(struct in_addr),
1053 sizeof(struct sockaddr_in),
1054 32,
1055 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1056 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1057 };
1058
1059 const struct af_info af_inet6_info = {
1060 AF_INET6,
1061 "AF_INET6",
1062 sizeof(struct in6_addr),
1063 sizeof(struct sockaddr_in6),
1064 128,
1065 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1066 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1067 };
1068
1069 const struct af_info *
1070 aftoinfo(int af)
1071 {
1072 switch (af)
1073 {
1074 case AF_INET:
1075 return &af_inet4_info;
1076 case AF_INET6:
1077 return &af_inet6_info;
1078 default:
1079 return NULL;
1080 }
1081 }
1082
1083 bool
1084 subnetisnone(const ip_subnet *sn)
1085 {
1086 ip_address base;
1087
1088 networkof(sn, &base);
1089 return isanyaddr(&base) && subnetishost(sn);
1090 }
1091
1092 /* BIND enumerated types */
1093
1094 #include <arpa/nameser.h>
1095
1096 static const char *const rr_type_name[] = {
1097 "T_A", /* 1 host address */
1098 "T_NS", /* 2 authoritative server */
1099 "T_MD", /* 3 mail destination */
1100 "T_MF", /* 4 mail forwarder */
1101 "T_CNAME", /* 5 canonical name */
1102 "T_SOA", /* 6 start of authority zone */
1103 "T_MB", /* 7 mailbox domain name */
1104 "T_MG", /* 8 mail group member */
1105 "T_MR", /* 9 mail rename name */
1106 "T_NULL", /* 10 null resource record */
1107 "T_WKS", /* 11 well known service */
1108 "T_PTR", /* 12 domain name pointer */
1109 "T_HINFO", /* 13 host information */
1110 "T_MINFO", /* 14 mailbox information */
1111 "T_MX", /* 15 mail routing information */
1112 "T_TXT", /* 16 text strings */
1113 "T_RP", /* 17 responsible person */
1114 "T_AFSDB", /* 18 AFS cell database */
1115 "T_X25", /* 19 X_25 calling address */
1116 "T_ISDN", /* 20 ISDN calling address */
1117 "T_RT", /* 21 router */
1118 "T_NSAP", /* 22 NSAP address */
1119 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1120 "T_SIG", /* 24 security signature */
1121 "T_KEY", /* 25 security key */
1122 "T_PX", /* 26 X.400 mail mapping */
1123 "T_GPOS", /* 27 geographical position (withdrawn) */
1124 "T_AAAA", /* 28 IP6 Address */
1125 "T_LOC", /* 29 Location Information */
1126 "T_NXT", /* 30 Next Valid Name in Zone */
1127 "T_EID", /* 31 Endpoint identifier */
1128 "T_NIMLOC", /* 32 Nimrod locator */
1129 "T_SRV", /* 33 Server selection */
1130 "T_ATMA", /* 34 ATM Address */
1131 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1132 NULL
1133 };
1134
1135 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1136
1137 /* Query type values which do not appear in resource records */
1138 static const char *const rr_qtype_name[] = {
1139 "T_IXFR", /* 251 incremental zone transfer */
1140 "T_AXFR", /* 252 transfer zone of authority */
1141 "T_MAILB", /* 253 transfer mailbox records */
1142 "T_MAILA", /* 254 transfer mail agent records */
1143 "T_ANY", /* 255 wildcard match */
1144 NULL
1145 };
1146
1147 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1148
1149 static const char *const rr_class_name[] = {
1150 "C_IN", /* 1 the arpa internet */
1151 NULL
1152 };
1153
1154 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1155
1156 /*
1157 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1158 *
1159 */
1160 const char *const natt_type_bitnames[] = {
1161 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1162 "draft-ietf-ipsec-nat-t-ike-02/03",
1163 "RFC 3947",
1164 "3", /* 3 */
1165 "4", "5", "6", "7",
1166 "8", "9", "10", "11",
1167 "12", "13", "14", "15",
1168 "16", "17", "18", "19",
1169 "20", "21", "22", "23",
1170 "24", "25", "26", "27",
1171 "28", "29",
1172 "nat is behind me",
1173 "nat is behind peer"
1174 };
1175
1176 /* look up enum names in an enum_names */
1177
1178 const char *
1179 enum_name(enum_names *ed, unsigned long val)
1180 {
1181 enum_names *p;
1182
1183 for (p = ed; p != NULL; p = p->en_next_range)
1184 {
1185 if (p->en_first <= val && val <= p->en_last)
1186 return p->en_names[val - p->en_first];
1187 }
1188 return NULL;
1189 }
1190
1191 /* find or construct a string to describe an enum value
1192 * Result may be in STATIC buffer!
1193 */
1194 const char *
1195 enum_show(enum_names *ed, unsigned long val)
1196 {
1197 const char *p = enum_name(ed, val);
1198
1199 if (p == NULL)
1200 {
1201 static char buf[12]; /* only one! I hope that it is big enough */
1202
1203 snprintf(buf, sizeof(buf), "%lu??", val);
1204 p = buf;
1205 }
1206 return p;
1207 }
1208
1209
1210 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1211
1212 int
1213 enum_search(enum_names *ed, const char *str)
1214 {
1215 enum_names *p;
1216 const char *ptr;
1217 unsigned en;
1218
1219 for (p = ed; p != NULL; p = p->en_next_range)
1220 {
1221 for (en = p->en_first; en <= p->en_last ;en++)
1222 {
1223 ptr = p->en_names[en - p->en_first];
1224 if (ptr == 0)
1225 {
1226 continue;
1227 }
1228 if (streq(ptr, str))
1229 {
1230 return en;
1231 }
1232 }
1233 }
1234 return -1;
1235 }
1236
1237 /* construct a string to name the bits on in a set
1238 * Result may be in STATIC buffer!
1239 * Note: prettypolicy depends on internal details.
1240 */
1241 const char *
1242 bitnamesof(const char *const table[], lset_t val)
1243 {
1244 char *p = bitnamesbuf;
1245 lset_t bit;
1246 const char *const *tp;
1247
1248 if (val == 0)
1249 return "none";
1250
1251 for (tp = table, bit = 01; val != 0; bit <<= 1)
1252 {
1253 if (val & bit)
1254 {
1255 const char *n = *tp;
1256 size_t nl;
1257
1258 if (n == NULL || *n == '\0')
1259 {
1260 /* no name for this bit, so use hex */
1261 static char flagbuf[sizeof("0x80000000")];
1262
1263 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1264 n = flagbuf;
1265 }
1266
1267 nl = strlen(n);
1268
1269 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1270 *p++ = '+';
1271
1272 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1273 {
1274 strcpy(p, n);
1275 p += nl;
1276 }
1277 val -= bit;
1278 }
1279 if (*tp != NULL)
1280 tp++; /* move on, but not past end */
1281 }
1282 *p = '\0';
1283 return bitnamesbuf;
1284 }
1285
1286 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1287 * Suppress the shunt and fail fields if 0.
1288 */
1289 const char *
1290 prettypolicy(lset_t policy)
1291 {
1292 const char *bn = bitnamesof(sa_policy_bit_names
1293 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1294 size_t len;
1295 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1296 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1297
1298 if (bn != bitnamesbuf)
1299 bitnamesbuf[0] = '\0';
1300 len = strlen(bitnamesbuf);
1301 if (shunt != 0)
1302 {
1303 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1304 , policy_shunt_names[shunt]);
1305 len += strlen(bitnamesbuf + len);
1306 }
1307 if (fail != 0)
1308 {
1309 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1310 , policy_fail_names[fail]);
1311 len += strlen(bitnamesbuf + len);
1312 }
1313 if (NEVER_NEGOTIATE(policy))
1314 {
1315 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1316 len += strlen(bitnamesbuf + len);
1317 }
1318 return bitnamesbuf;
1319 }
1320
1321 /* test a set by seeing if all bits have names */
1322
1323 bool
1324 testset(const char *const table[], lset_t val)
1325 {
1326 lset_t bit;
1327 const char *const *tp;
1328
1329 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1330 {
1331 const char *n = *tp;
1332
1333 if (n == NULL || ((val & bit) && *n == '\0'))
1334 return FALSE;
1335 val &= ~bit;
1336 }
1337 return TRUE;
1338 }
1339
1340
1341 const char sparse_end[] = "end of sparse names";
1342
1343 /* look up enum names in a sparse_names */
1344 const char *sparse_name(sparse_names sd, unsigned long val)
1345 {
1346 const struct sparse_name *p;
1347
1348 for (p = sd; p->name != sparse_end; p++)
1349 if (p->val == val)
1350 return p->name;
1351 return NULL;
1352 }
1353
1354 /* find or construct a string to describe an sparse value
1355 * Result may be in STATIC buffer!
1356 */
1357 const char *
1358 sparse_val_show(sparse_names sd, unsigned long val)
1359 {
1360 const char *p = sparse_name(sd, val);
1361
1362 if (p == NULL)
1363 {
1364 static char buf[12]; /* only one! I hope that it is big enough */
1365
1366 snprintf(buf, sizeof(buf), "%lu??", val);
1367 p = buf;
1368 }
1369 return p;
1370 }
1371
1372 void init_constants(void)
1373 {
1374 happy(anyaddr(AF_INET, &ipv4_any));
1375 happy(anyaddr(AF_INET6, &ipv6_any));
1376
1377 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1378 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1379
1380 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1381 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1382 }
1383
1384 u_char secret_of_the_day[HASH_SIZE_SHA1];
1385
1386