projects / strongswan.git / blob
? search:


7823abe93abdc0d739cdda06cac1dba9399d2034
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Note that the array sizes are all specified; this is to enable range
18 * checking by code that only includes constants.h.
19 */
20
21 #include <stddef.h>
22 #include <string.h>
23 #include <stdio.h>
24 #include <netinet/in.h>
25
26 #include <freeswan.h>
27
28 #include <attributes/attributes.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef SMARTCARD
42 " SMARTCARD"
43 #endif
44 #ifdef VENDORID
45 " VENDORID"
46 #endif
47 #ifdef CISCO_QUIRKS
48 " CISCO_QUIRKS"
49 #endif
50 #ifdef USE_KEYRR
51 " KEYRR"
52 #endif
53 ;
54
55 /* version */
56
57 static const char *const version_name[] = {
58 "ISAKMP Version 1.0",
59 };
60
61 enum_names version_names =
62 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
63 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
64 version_name, NULL };
65
66 /* RFC 3706 Dead Peer Detection */
67
68 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
69 "none",
70 "clear",
71 "hold",
72 "restart"
73 );
74
75 /* Timer events */
76
77 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
78 "EVENT_NULL",
79 "EVENT_REINIT_SECRET",
80 "EVENT_SHUNT_SCAN",
81 "EVENT_SO_DISCARD",
82 "EVENT_RETRANSMIT",
83 "EVENT_SA_REPLACE",
84 "EVENT_SA_REPLACE_IF_USED",
85 "EVENT_SA_EXPIRE",
86 "EVENT_NAT_T_KEEPALIVE",
87 "EVENT_DPD",
88 "EVENT_DPD_TIMEOUT",
89 "EVENT_LOG_DAILY"
90 );
91
92 /* Domain of Interpretation */
93
94 static const char *const doi_name[] = {
95 "ISAKMP_DOI_ISAKMP",
96 "ISAKMP_DOI_IPSEC",
97 };
98
99 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
100
101 /* debugging settings: a set of selections for reporting
102 * These would be more naturally situated in log.h,
103 * but they are shared with whack.
104 * It turns out that "debug-" is clutter in all contexts this is used,
105 * so we leave it off.
106 */
107 #ifdef DEBUG
108 const char *const debug_bit_names[] = {
109 "raw",
110 "crypt",
111 "parsing",
112 "emitting",
113 "control",
114 "lifecycle",
115 "klips",
116 "dns",
117 "natt",
118 "oppo",
119 "controlmore",
120
121 "private",
122
123 "impair-delay-adns-key-answer",
124 "impair-delay-adns-txt-answer",
125 "impair-bust-mi2",
126 "impair-bust-mr2",
127
128 NULL
129 };
130 #endif
131
132 /* State of exchanges */
133
134 static const char *const state_name[] = {
135 "STATE_MAIN_R0",
136 "STATE_MAIN_I1",
137 "STATE_MAIN_R1",
138 "STATE_MAIN_I2",
139 "STATE_MAIN_R2",
140 "STATE_MAIN_I3",
141 "STATE_MAIN_R3",
142 "STATE_MAIN_I4",
143
144 "STATE_QUICK_R0",
145 "STATE_QUICK_I1",
146 "STATE_QUICK_R1",
147 "STATE_QUICK_I2",
148 "STATE_QUICK_R2",
149
150 "STATE_INFO",
151 "STATE_INFO_PROTECTED",
152
153 "STATE_XAUTH_I0",
154 "STATE_XAUTH_R1",
155 "STATE_XAUTH_I1",
156 "STATE_XAUTH_R2",
157 "STATE_XAUTH_I2",
158 "STATE_XAUTH_R3",
159
160 "STATE_MODE_CFG_R0",
161 "STATE_MODE_CFG_I1",
162 "STATE_MODE_CFG_R1",
163 "STATE_MODE_CFG_I2",
164
165 "STATE_MODE_CFG_I0",
166 "STATE_MODE_CFG_R3",
167 "STATE_MODE_CFG_I3",
168 "STATE_MODE_CFG_R4",
169
170 "STATE_IKE_ROOF"
171 };
172
173 enum_names state_names =
174 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
175
176 /* story for state */
177
178 const char *const state_story[] = {
179 "expecting MI1", /* STATE_MAIN_R0 */
180 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
181 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
182 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
183 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
184 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
185 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
186 "ISAKMP SA established", /* STATE_MAIN_I4 */
187
188 "expecting QI1", /* STATE_QUICK_R0 */
189 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
190 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
191 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
192 "IPsec SA established", /* STATE_QUICK_R2 */
193
194 "got Informational Message in clear", /* STATE_INFO */
195 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
196
197 "expecting XAUTH request", /* STATE_XAUTH_I0 */
198 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
199 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
200 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
201 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
202 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
203
204 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
205 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
206 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
207 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
208
209 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
210 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
211 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
212 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
213 };
214
215 /* kind of struct connection */
216
217 static const char *const connection_kind_name[] = {
218 "CK_GROUP", /* policy group: instantiates to template */
219 "CK_TEMPLATE", /* abstract connection, with wildcard */
220 "CK_PERMANENT", /* normal connection */
221 "CK_INSTANCE", /* instance of template, created for a particular attempt */
222 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
223 };
224
225 enum_names connection_kind_names =
226 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
227
228 /* routing status names */
229
230 static const char *const routing_story_strings[] = {
231 "unrouted", /* RT_UNROUTED: unrouted */
232 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
233 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
234 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
235 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
236 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
237 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
238 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
239 };
240
241 enum_names routing_story =
242 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
243
244 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
245
246 const char *const payload_name[] = {
247 "ISAKMP_NEXT_NONE",
248 "ISAKMP_NEXT_SA",
249 "ISAKMP_NEXT_P",
250 "ISAKMP_NEXT_T",
251 "ISAKMP_NEXT_KE",
252 "ISAKMP_NEXT_ID",
253 "ISAKMP_NEXT_CERT",
254 "ISAKMP_NEXT_CR",
255 "ISAKMP_NEXT_HASH",
256 "ISAKMP_NEXT_SIG",
257 "ISAKMP_NEXT_NONCE",
258 "ISAKMP_NEXT_N",
259 "ISAKMP_NEXT_D",
260 "ISAKMP_NEXT_VID",
261 "ISAKMP_NEXT_MODECFG",
262 "ISAKMP_NEXT_15",
263 "ISAKMP_NEXT_16",
264 "ISAKMP_NEXT_17",
265 "ISAKMP_NEXT_18",
266 "ISAKMP_NEXT_19",
267 "ISAKMP_NEXT_NAT-D",
268 "ISAKMP_NEXT_NAT-OA",
269 NULL
270 };
271
272 const char *const payload_name_nat_d[] = {
273 "ISAKMP_NEXT_NAT-D",
274 "ISAKMP_NEXT_NAT-OA", NULL
275 };
276
277 static enum_names payload_names_nat_d =
278 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
279
280 enum_names payload_names =
281 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
282
283 /* Exchange types (note: two discontinuous ranges) */
284
285 static const char *const exchange_name[] = {
286 "ISAKMP_XCHG_NONE",
287 "ISAKMP_XCHG_BASE",
288 "ISAKMP_XCHG_IDPROT",
289 "ISAKMP_XCHG_AO",
290 "ISAKMP_XCHG_AGGR",
291 "ISAKMP_XCHG_INFO",
292 "ISAKMP_XCHG_MODE_CFG",
293 };
294
295 static const char *const exchange_name2[] = {
296 "ISAKMP_XCHG_QUICK",
297 "ISAKMP_XCHG_NGRP",
298 "ISAKMP_XCHG_ACK_INFO",
299 };
300
301 static enum_names exchange_desc2 =
302 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
303
304 enum_names exchange_names =
305 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
306
307 /* Flag BITS */
308 const char *const flag_bit_names[] = {
309 "ISAKMP_FLAG_ENCRYPTION",
310 "ISAKMP_FLAG_COMMIT",
311 NULL
312 };
313
314 /* Situation BITS definition for IPsec DOI */
315
316 const char *const sit_bit_names[] = {
317 "SIT_IDENTITY_ONLY",
318 "SIT_SECRECY",
319 "SIT_INTEGRITY",
320 NULL
321 };
322
323 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
324
325 static const char *const protocol_name[] = {
326 "PROTO_ISAKMP",
327 "PROTO_IPSEC_AH",
328 "PROTO_IPSEC_ESP",
329 "PROTO_IPCOMP",
330 };
331
332 enum_names protocol_names =
333 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
334
335 /* IPsec ISAKMP transform values */
336
337 static const char *const isakmp_transform_name[] = {
338 "KEY_IKE",
339 };
340
341 enum_names isakmp_transformid_names =
342 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
343
344 /* IPsec AH transform values */
345
346 static const char *const ah_transform_name[] = {
347 "HMAC_MD5",
348 "HMAC_SHA1",
349 "DES_MAC",
350 "HMAC_SHA2_256",
351 "HMAC_SHA2_384",
352 "HMAC_SHA2_512",
353 "HMAC_RIPEMD",
354 "AES_XCBC_96",
355 "SIG_RSA",
356 "AES_128_GMAC",
357 "AES_192_GMAC",
358 "AES_256_GMAC"
359 };
360
361 static const char *const ah_transform_name_high[] = {
362 "HMAC_SHA2_256_96"
363 };
364
365 enum_names ah_transform_names_high =
366 { AH_SHA2_256_96, AH_SHA2_256_96, ah_transform_name_high, NULL };
367
368 enum_names ah_transform_names =
369 { AH_MD5, AH_AES_256_GMAC, ah_transform_name, &ah_transform_names_high };
370
371 /* IPsec ESP transform values */
372
373 static const char *const esp_transform_name[] = {
374 "DES_IV64",
375 "DES_CBC",
376 "3DES_CBC",
377 "RC5_CBC",
378 "IDEA_CBC",
379 "CAST_CBC",
380 "BLOWFISH_CBC",
381 "3IDEA",
382 "DES_IV32",
383 "RC4",
384 "NULL",
385 "AES_CBC",
386 "AES_CTR",
387 "AES_CCM_8",
388 "AES_CCM_12",
389 "AES_CCM_16",
390 "UNASSIGNED_17",
391 "AES_GCM_8",
392 "AES_GCM_12",
393 "AES_GCM_16",
394 "SEED_CBC",
395 "CAMELLIA_CBC",
396 "AES_GMAC"
397 };
398
399 static const char *const esp_transform_name_high[] = {
400 "SERPENT_CBC",
401 "TWOFISH_CBC"
402 };
403
404 enum_names esp_transform_names_high =
405 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
406
407 enum_names esp_transform_names =
408 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transform_names_high };
409
410 /* IPCOMP transform values */
411
412 static const char *const ipcomp_transform_name[] = {
413 "IPCOMP_OUI",
414 "IPCOMP_DEFLAT",
415 "IPCOMP_LZS",
416 "IPCOMP_LZJH",
417 };
418
419 enum_names ipcomp_transformid_names =
420 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
421
422 /* Identification type values */
423
424 static const char *const ident_name[] = {
425 "ID_IPV4_ADDR",
426 "ID_FQDN",
427 "ID_USER_FQDN",
428 "ID_IPV4_ADDR_SUBNET",
429 "ID_IPV6_ADDR",
430 "ID_IPV6_ADDR_SUBNET",
431 "ID_IPV4_ADDR_RANGE",
432 "ID_IPV6_ADDR_RANGE",
433 "ID_DER_ASN1_DN",
434 "ID_DER_ASN1_GN",
435 "ID_KEY_ID",
436 };
437
438 enum_names ident_names =
439 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
440
441 /* Certificate type values */
442
443 static const char *const cert_type_name[] = {
444 "CERT_NONE",
445 "CERT_PKCS7_WRAPPED_X509",
446 "CERT_PGP",
447 "CERT_DNS_SIGNED_KEY",
448 "CERT_X509_SIGNATURE",
449 "CERT_X509_KEY_EXCHANGE",
450 "CERT_KERBEROS_TOKENS",
451 "CERT_CRL",
452 "CERT_ARL",
453 "CERT_SPKI",
454 "CERT_X509_ATTRIBUTE",
455 };
456
457 enum_names cert_type_names =
458 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
459
460 /* Certificate policy names */
461
462 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
463 "ALWAYS_SEND",
464 "SEND_IF_ASKED",
465 "NEVER_SEND",
466 );
467
468 /* Goal BITs for establishing an SA
469 * Note: we drop the POLICY_ prefix so that logs are more concise.
470 */
471
472 const char *const sa_policy_bit_names[] = {
473 "PSK",
474 "PUBKEY",
475 "ENCRYPT",
476 "AUTHENTICATE",
477 "COMPRESS",
478 "TUNNEL",
479 "PFS",
480 "DISABLEARRIVALCHECK",
481 "SHUNT0",
482 "SHUNT1",
483 "FAILSHUNT0",
484 "FAILSHUNT1",
485 "DONTREKEY",
486 "OPPORTUNISTIC",
487 "GROUP",
488 "GROUTED",
489 "UP",
490 "MODECFGPUSH",
491 "XAUTHPSK",
492 "XAUTHRSASIG",
493 "XAUTHSERVER",
494 "DONTREAUTH",
495 "BEET",
496 "MOBIKE",
497 "PROXY",
498 NULL
499 };
500
501 const char *const policy_shunt_names[4] = {
502 "TRAP",
503 "PASS",
504 "DROP",
505 "REJECT",
506 };
507
508 const char *const policy_fail_names[4] = {
509 "NONE",
510 "PASS",
511 "DROP",
512 "REJECT",
513 };
514
515 /* Oakley transform attributes
516 * oakley_attr_bit_names does double duty: it is used for enum names
517 * and bit names.
518 */
519
520 const char *const oakley_attr_bit_names[] = {
521 "OAKLEY_ENCRYPTION_ALGORITHM",
522 "OAKLEY_HASH_ALGORITHM",
523 "OAKLEY_AUTHENTICATION_METHOD",
524 "OAKLEY_GROUP_DESCRIPTION",
525 "OAKLEY_GROUP_TYPE",
526 "OAKLEY_GROUP_PRIME",
527 "OAKLEY_GROUP_GENERATOR_ONE",
528 "OAKLEY_GROUP_GENERATOR_TWO",
529 "OAKLEY_GROUP_CURVE_A",
530 "OAKLEY_GROUP_CURVE_B",
531 "OAKLEY_LIFE_TYPE",
532 "OAKLEY_LIFE_DURATION",
533 "OAKLEY_PRF",
534 "OAKLEY_KEY_LENGTH",
535 "OAKLEY_FIELD_SIZE",
536 "OAKLEY_GROUP_ORDER",
537 "OAKLEY_BLOCK_SIZE",
538 NULL
539 };
540
541 static const char *const oakley_var_attr_name[] = {
542 "OAKLEY_GROUP_PRIME (variable length)",
543 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
544 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
545 "OAKLEY_GROUP_CURVE_A (variable length)",
546 "OAKLEY_GROUP_CURVE_B (variable length)",
547 NULL,
548 "OAKLEY_LIFE_DURATION (variable length)",
549 NULL,
550 NULL,
551 NULL,
552 "OAKLEY_GROUP_ORDER (variable length)",
553 };
554
555 static enum_names oakley_attr_desc_tv = {
556 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
557 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
558
559 enum_names oakley_attr_names = {
560 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
561 oakley_var_attr_name, &oakley_attr_desc_tv };
562
563 /* for each Oakley attribute, which enum_names describes its values? */
564 enum_names *oakley_attr_val_descs[] = {
565 NULL, /* (none) */
566 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
567 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
568 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
569 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
570 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
571 NULL, /* OAKLEY_GROUP_PRIME */
572 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
573 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
574 NULL, /* OAKLEY_GROUP_CURVE_A */
575 NULL, /* OAKLEY_GROUP_CURVE_B */
576 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
577 NULL, /* OAKLEY_LIFE_DURATION */
578 &oakley_prf_names, /* OAKLEY_PRF */
579 NULL, /* OAKLEY_KEY_LENGTH */
580 NULL, /* OAKLEY_FIELD_SIZE */
581 NULL, /* OAKLEY_GROUP_ORDER */
582 };
583
584 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
585
586 static const char *const ipsec_attr_name[] = {
587 "SA_LIFE_TYPE",
588 "SA_LIFE_DURATION",
589 "GROUP_DESCRIPTION",
590 "ENCAPSULATION_MODE",
591 "AUTH_ALGORITHM",
592 "KEY_LENGTH",
593 "KEY_ROUNDS",
594 "COMPRESS_DICT_SIZE",
595 "COMPRESS_PRIVATE_ALG",
596 };
597
598 static const char *const ipsec_var_attr_name[] = {
599 "SA_LIFE_DURATION (variable length)",
600 NULL,
601 NULL,
602 NULL,
603 NULL,
604 NULL,
605 NULL,
606 "COMPRESS_PRIVATE_ALG (variable length)",
607 };
608
609 static enum_names ipsec_attr_desc_tv = {
610 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
611 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
612 ipsec_attr_name, NULL };
613
614 enum_names ipsec_attr_names = {
615 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
616 ipsec_var_attr_name, &ipsec_attr_desc_tv };
617
618 /* for each IPsec attribute, which enum_names describes its values? */
619 enum_names *ipsec_attr_val_descs[] = {
620 NULL, /* (none) */
621 &sa_lifetime_names, /* SA_LIFE_TYPE */
622 NULL, /* SA_LIFE_DURATION */
623 &oakley_group_names, /* GROUP_DESCRIPTION */
624 &enc_mode_names, /* ENCAPSULATION_MODE */
625 &auth_alg_names, /* AUTH_ALGORITHM */
626 NULL, /* KEY_LENGTH */
627 NULL, /* KEY_ROUNDS */
628 NULL, /* COMPRESS_DICT_SIZE */
629 NULL, /* COMPRESS_PRIVATE_ALG */
630 };
631
632 /* SA Lifetime Type attribute */
633
634 static const char *const sa_lifetime_name[] = {
635 "SA_LIFE_TYPE_SECONDS",
636 "SA_LIFE_TYPE_KBYTES",
637 };
638
639 enum_names sa_lifetime_names =
640 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
641
642 /* Encapsulation Mode attribute */
643
644 static const char *const enc_mode_name[] = {
645 "ENCAPSULATION_MODE_TUNNEL",
646 "ENCAPSULATION_MODE_TRANSPORT",
647 "ENCAPSULATION_MODE_UDP_TUNNEL",
648 "ENCAPSULATION_MODE_UDP_TRANSPORT",
649 };
650
651 static const char *const enc_udp_mode_name[] = {
652 "ENCAPSULATION_MODE_UDP_TUNNEL",
653 "ENCAPSULATION_MODE_UDP_TRANSPORT",
654 };
655
656 static enum_names enc_udp_mode_names =
657 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
658
659 enum_names enc_mode_names =
660 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
661
662 /* Auth Algorithm attribute */
663
664 static const char *const auth_alg_name[] = {
665 "AUTH_NONE",
666 "HMAC_MD5",
667 "HMAC_SHA1",
668 "DES_MAC",
669 "KPDK",
670 "HMAC_SHA2_256",
671 "HMAC_SHA2_384",
672 "HMAC_SHA2_512",
673 "HMAC_RIPEMD",
674 "AES_XCBC_96",
675 "SIG_RSA"
676 };
677
678 static const char *const extended_auth_alg_name[] = {
679 "NULL",
680 "HMAC_SHA2_256_96"
681 };
682
683 enum_names extended_auth_alg_names =
684 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_HMAC_SHA2_256_96,
685 extended_auth_alg_name, NULL };
686
687 enum_names auth_alg_names =
688 { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA,
689 auth_alg_name, &extended_auth_alg_names };
690
691 /* From draft-beaulieu-ike-xauth */
692 static const char *const xauth_type_name[] = {
693 "Generic",
694 "RADIUS-CHAP",
695 "OTP",
696 "S/KEY",
697 };
698
699 enum_names xauth_type_names =
700 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
701
702 /* From draft-beaulieu-ike-xauth */
703 static const char *const xauth_attr_tv_name[] = {
704 "XAUTH_TYPE",
705 NULL,
706 NULL,
707 NULL,
708 NULL,
709 NULL,
710 NULL,
711 "XAUTH_STATUS",
712 };
713
714 enum_names xauth_attr_tv_names = {
715 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
716 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
717
718 static const char *const unity_attr_name[] = {
719 "UNITY_BANNER",
720 "UNITY_SAVE_PASSWD",
721 "UNITY_DEF_DOMAIN",
722 "UNITY_SPLITDNS_NAME",
723 "UNITY_SPLIT_INCLUDE",
724 "UNITY_NATT_PORT",
725 "UNITY_LOCAL_LAN",
726 "UNITY_PFS",
727 "UNITY_FW_TYPE",
728 "UNITY_BACKUP_SERVERS",
729 "UNITY_DDNS_HOSTNAME",
730 };
731
732 enum_names unity_attr_names =
733 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
734
735 static const char *const microsoft_attr_name[] = {
736 "INTERNAL_IP4_SERVER",
737 "INTERNAL_IP6_SERVER",
738 };
739
740 enum_names microsoft_attr_names =
741 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
742
743 static const char *const xauth_attr_name[] = {
744 "XAUTH_USER_NAME",
745 "XAUTH_USER_PASSWORD",
746 "XAUTH_PASSCODE",
747 "XAUTH_MESSAGE",
748 "XAUTH_CHALLENGE",
749 "XAUTH_DOMAIN",
750 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
751 "XAUTH_NEXT_PIN",
752 "XAUTH_ANSWER",
753 };
754
755 enum_names xauth_attr_names =
756 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
757
758 static const char *const modecfg_attr_name[] = {
759 "INTERNAL_IP4_ADDRESS",
760 "INTERNAL_IP4_NETMASK",
761 "INTERNAL_IP4_DNS",
762 "INTERNAL_IP4_NBNS",
763 "INTERNAL_ADDRESS_EXPIRY",
764 "INTERNAL_IP4_DHCP",
765 "APPLICATION_VERSION",
766 "INTERNAL_IP6_ADDRESS",
767 "INTERNAL_IP6_NETMASK",
768 "INTERNAL_IP6_DNS",
769 "INTERNAL_IP6_NBNS",
770 "INTERNAL_IP6_DHCP",
771 "INTERNAL_IP4_SUBNET",
772 "SUPPORTED_ATTRIBUTES",
773 "INTERNAL_IP6_SUBNET",
774 };
775
776 enum_names modecfg_attr_names =
777 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
778
779 /* Oakley Lifetime Type attribute */
780
781 static const char *const oakley_lifetime_name[] = {
782 "OAKLEY_LIFE_SECONDS",
783 "OAKLEY_LIFE_KILOBYTES",
784 };
785
786 enum_names oakley_lifetime_names =
787 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
788
789 /* Oakley PRF attribute (none defined) */
790
791 enum_names oakley_prf_names =
792 { 1, 0, NULL, NULL };
793
794 /* Oakley Encryption Algorithm attribute */
795
796 static const char *const oakley_enc_name[] = {
797 "DES_CBC",
798 "IDEA_CBC",
799 "BLOWFISH_CBC",
800 "RC5_R16_B64_CBC",
801 "3DES_CBC",
802 "CAST_CBC",
803 "AES_CBC",
804 "CAMELLIA_CBC"
805 };
806
807 #ifdef NO_EXTRA_IKE
808 enum_names oakley_enc_names =
809 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
810 #else
811 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
812 "MARS_CBC" /* 65001 */,
813 "RC6_CBC" /* 65002 */,
814 "ID_65003" /* 65003 */,
815 "SERPENT_CBC" /* 65004 */,
816 "TWOFISH_CBC" /* 65005 */,
817 };
818
819 static const char *const oakley_enc_name_ssh[] = {
820 "TWOFISH_CBC_SSH",
821 };
822
823 enum_names oakley_enc_names_ssh =
824 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
825 , NULL };
826
827 enum_names oakley_enc_names_draft_aes_cbc_02 =
828 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
829 , &oakley_enc_names_ssh };
830
831 enum_names oakley_enc_names =
832 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
833 , &oakley_enc_names_draft_aes_cbc_02 };
834 #endif
835
836 /* Oakley Hash Algorithm attribute */
837
838 static const char *const oakley_hash_name[] = {
839 "HMAC_MD5",
840 "HMAC_SHA1",
841 "HMAC_TIGER",
842 "HMAC_SHA2_256",
843 "HMAC_SHA2_384",
844 "HMAC_SHA2_512",
845 };
846
847 enum_names oakley_hash_names =
848 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
849
850 /* Oakley Authentication Method attribute */
851
852 static const char *const oakley_auth_name1[] = {
853 "pre-shared key",
854 "DSS signature",
855 "RSA signature",
856 "RSA encryption",
857 "RSA encryption revised",
858 "ElGamal encryption",
859 "ELGamal encryption revised",
860 "ECDSA signature",
861 "ECDSA-256 signature",
862 "ECDSA-384 signature",
863 "ECDSA-521-signature",
864 };
865
866 static const char *const oakley_auth_name2[] = {
867 "HybridInitRSA",
868 "HybridRespRSA",
869 "HybridInitDSS",
870 "HybridRespDSS",
871 };
872
873 static const char *const oakley_auth_name3[] = {
874 "XAUTHInitPreShared",
875 "XAUTHRespPreShared",
876 "XAUTHInitDSS",
877 "XAUTHRespDSS",
878 "XAUTHInitRSA",
879 "XAUTHRespRSA",
880 "XAUTHInitRSAEncryption",
881 "XAUTHRespRSAEncryption",
882 "XAUTHInitRSARevisedEncryption",
883 "XAUTHRespRSARevisedEncryption",
884 };
885
886 static enum_names oakley_auth_names1 =
887 { OAKLEY_PRESHARED_KEY, OAKLEY_ECDSA_521
888 , oakley_auth_name1, NULL };
889
890 static enum_names oakley_auth_names2 =
891 { HybridInitRSA, HybridRespDSS
892 , oakley_auth_name2, &oakley_auth_names1 };
893
894 enum_names oakley_auth_names =
895 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
896 , oakley_auth_name3, &oakley_auth_names2 };
897
898 /* Oakley Group Description attribute */
899
900 static const char *const oakley_group_name[] = {
901 "MODP_768",
902 "MODP_1024",
903 "GP_155",
904 "GP_185",
905 "MODP_1536",
906 };
907
908 static const char *const oakley_group_name_rfc3526[] = {
909 "MODP_2048",
910 "MODP_3072",
911 "MODP_4096",
912 "MODP_6144",
913 "MODP_8192"
914 };
915
916 static const char *const oakley_group_name_rfc4753[] = {
917 "ECP_256",
918 "ECP_384",
919 "ECP_521"
920 };
921
922 static const char *const oakley_group_name_rfc5114[] = {
923 "ECP_192",
924 "ECP_224"
925 };
926
927 enum_names oakley_group_names_rfc5114 =
928 { ECP_192_BIT, ECP_224_BIT,
929 oakley_group_name_rfc5114, NULL };
930
931 enum_names oakley_group_names_rfc4753 =
932 { ECP_256_BIT, ECP_521_BIT,
933 oakley_group_name_rfc4753, &oakley_group_names_rfc5114 };
934
935 enum_names oakley_group_names_rfc3526 =
936 { MODP_2048_BIT, MODP_8192_BIT,
937 oakley_group_name_rfc3526, &oakley_group_names_rfc4753 };
938
939 enum_names oakley_group_names =
940 { MODP_768_BIT, MODP_1536_BIT,
941 oakley_group_name, &oakley_group_names_rfc3526 };
942
943 /* Oakley Group Type attribute */
944
945 static const char *const oakley_group_type_name[] = {
946 "OAKLEY_GROUP_TYPE_MODP",
947 "OAKLEY_GROUP_TYPE_ECP",
948 "OAKLEY_GROUP_TYPE_EC2N",
949 };
950
951 enum_names oakley_group_type_names =
952 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
953
954 /* Notify messages -- error types */
955
956 static const char *const notification_name[] = {
957 "INVALID_PAYLOAD_TYPE",
958 "DOI_NOT_SUPPORTED",
959 "SITUATION_NOT_SUPPORTED",
960 "INVALID_COOKIE",
961 "INVALID_MAJOR_VERSION",
962 "INVALID_MINOR_VERSION",
963 "INVALID_EXCHANGE_TYPE",
964 "INVALID_FLAGS",
965 "INVALID_MESSAGE_ID",
966 "INVALID_PROTOCOL_ID",
967 "INVALID_SPI",
968 "INVALID_TRANSFORM_ID",
969 "ATTRIBUTES_NOT_SUPPORTED",
970 "NO_PROPOSAL_CHOSEN",
971 "BAD_PROPOSAL_SYNTAX",
972 "PAYLOAD_MALFORMED",
973 "INVALID_KEY_INFORMATION",
974 "INVALID_ID_INFORMATION",
975 "INVALID_CERT_ENCODING",
976 "INVALID_CERTIFICATE",
977 "CERT_TYPE_UNSUPPORTED",
978 "INVALID_CERT_AUTHORITY",
979 "INVALID_HASH_INFORMATION",
980 "AUTHENTICATION_FAILED",
981 "INVALID_SIGNATURE",
982 "ADDRESS_NOTIFICATION",
983 "NOTIFY_SA_LIFETIME",
984 "CERTIFICATE_UNAVAILABLE",
985 "UNSUPPORTED_EXCHANGE_TYPE",
986 "UNEQUAL_PAYLOAD_LENGTHS",
987 };
988
989 static const char *const notification_status_name[] = {
990 "CONNECTED",
991 };
992
993 static const char *const ipsec_notification_name[] = {
994 "IPSEC_RESPONDER_LIFETIME",
995 "IPSEC_REPLAY_STATUS",
996 "IPSEC_INITIAL_CONTACT",
997 };
998
999 static const char *const notification_dpd_name[] = {
1000 "R_U_THERE",
1001 "R_U_THERE_ACK",
1002 };
1003
1004 static const char *const notification_juniper_name[] = {
1005 "NS_NHTB_INFORM",
1006 };
1007
1008 enum_names notification_juniper_names =
1009 { NS_NHTB_INFORM, NS_NHTB_INFORM,
1010 notification_juniper_name, NULL };
1011
1012 enum_names notification_dpd_names =
1013 { R_U_THERE, R_U_THERE_ACK,
1014 notification_dpd_name, &notification_juniper_names };
1015
1016 enum_names ipsec_notification_names =
1017 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
1018 ipsec_notification_name, &notification_dpd_names };
1019
1020 enum_names notification_status_names =
1021 { ISAKMP_CONNECTED, ISAKMP_CONNECTED,
1022 notification_status_name, &ipsec_notification_names };
1023
1024 enum_names notification_names =
1025 { ISAKMP_INVALID_PAYLOAD_TYPE, ISAKMP_UNEQUAL_PAYLOAD_LENGTHS,
1026 notification_name, &notification_status_names };
1027
1028 /* MODECFG
1029 * From draft-dukes-ike-mode-cfg
1030 */
1031 const char *const attr_msg_type_name[] = {
1032 "ISAKMP_CFG_RESERVED",
1033 "ISAKMP_CFG_REQUEST",
1034 "ISAKMP_CFG_REPLY",
1035 "ISAKMP_CFG_SET",
1036 "ISAKMP_CFG_ACK",
1037 NULL
1038 };
1039
1040 enum_names attr_msg_type_names =
1041 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1042
1043 /* socket address family info */
1044
1045 static const char *const af_inet_name[] = {
1046 "AF_INET",
1047 };
1048
1049 static const char *const af_inet6_name[] = {
1050 "AF_INET6",
1051 };
1052
1053 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1054
1055 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1056
1057 static ip_address ipv4_any, ipv6_any;
1058 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1059 static ip_subnet ipv4_all, ipv6_all;
1060
1061 const struct af_info af_inet4_info = {
1062 AF_INET,
1063 "AF_INET",
1064 sizeof(struct in_addr),
1065 sizeof(struct sockaddr_in),
1066 32,
1067 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1068 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1069 };
1070
1071 const struct af_info af_inet6_info = {
1072 AF_INET6,
1073 "AF_INET6",
1074 sizeof(struct in6_addr),
1075 sizeof(struct sockaddr_in6),
1076 128,
1077 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1078 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1079 };
1080
1081 const struct af_info *
1082 aftoinfo(int af)
1083 {
1084 switch (af)
1085 {
1086 case AF_INET:
1087 return &af_inet4_info;
1088 case AF_INET6:
1089 return &af_inet6_info;
1090 default:
1091 return NULL;
1092 }
1093 }
1094
1095 bool subnetisnone(const ip_subnet *sn)
1096 {
1097 ip_address base;
1098
1099 networkof(sn, &base);
1100 return isanyaddr(&base) && subnetishost(sn);
1101 }
1102
1103 /* BIND enumerated types */
1104
1105 #include <arpa/nameser.h>
1106
1107 static const char *const rr_type_name[] = {
1108 "T_A", /* 1 host address */
1109 "T_NS", /* 2 authoritative server */
1110 "T_MD", /* 3 mail destination */
1111 "T_MF", /* 4 mail forwarder */
1112 "T_CNAME", /* 5 canonical name */
1113 "T_SOA", /* 6 start of authority zone */
1114 "T_MB", /* 7 mailbox domain name */
1115 "T_MG", /* 8 mail group member */
1116 "T_MR", /* 9 mail rename name */
1117 "T_NULL", /* 10 null resource record */
1118 "T_WKS", /* 11 well known service */
1119 "T_PTR", /* 12 domain name pointer */
1120 "T_HINFO", /* 13 host information */
1121 "T_MINFO", /* 14 mailbox information */
1122 "T_MX", /* 15 mail routing information */
1123 "T_TXT", /* 16 text strings */
1124 "T_RP", /* 17 responsible person */
1125 "T_AFSDB", /* 18 AFS cell database */
1126 "T_X25", /* 19 X_25 calling address */
1127 "T_ISDN", /* 20 ISDN calling address */
1128 "T_RT", /* 21 router */
1129 "T_NSAP", /* 22 NSAP address */
1130 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1131 "T_SIG", /* 24 security signature */
1132 "T_KEY", /* 25 security key */
1133 "T_PX", /* 26 X.400 mail mapping */
1134 "T_GPOS", /* 27 geographical position (withdrawn) */
1135 "T_AAAA", /* 28 IP6 Address */
1136 "T_LOC", /* 29 Location Information */
1137 "T_NXT", /* 30 Next Valid Name in Zone */
1138 "T_EID", /* 31 Endpoint identifier */
1139 "T_NIMLOC", /* 32 Nimrod locator */
1140 "T_SRV", /* 33 Server selection */
1141 "T_ATMA", /* 34 ATM Address */
1142 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1143 NULL
1144 };
1145
1146 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1147
1148 /* Query type values which do not appear in resource records */
1149 static const char *const rr_qtype_name[] = {
1150 "T_IXFR", /* 251 incremental zone transfer */
1151 "T_AXFR", /* 252 transfer zone of authority */
1152 "T_MAILB", /* 253 transfer mailbox records */
1153 "T_MAILA", /* 254 transfer mail agent records */
1154 "T_ANY", /* 255 wildcard match */
1155 NULL
1156 };
1157
1158 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1159
1160 static const char *const rr_class_name[] = {
1161 "C_IN", /* 1 the arpa internet */
1162 NULL
1163 };
1164
1165 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1166
1167 /*
1168 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1169 *
1170 */
1171 const char *const natt_type_bitnames[] = {
1172 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1173 "draft-ietf-ipsec-nat-t-ike-02/03",
1174 "RFC 3947",
1175 "3", /* 3 */
1176 "4", "5", "6", "7",
1177 "8", "9", "10", "11",
1178 "12", "13", "14", "15",
1179 "16", "17", "18", "19",
1180 "20", "21", "22", "23",
1181 "24", "25", "26", "27",
1182 "28", "29",
1183 "nat is behind me",
1184 "nat is behind peer"
1185 };
1186
1187 /* look up enum names in an enum_names */
1188
1189 const char* enum_name(enum_names *ed, unsigned long val)
1190 {
1191 enum_names *p;
1192
1193 for (p = ed; p != NULL; p = p->en_next_range)
1194 {
1195 if (p->en_first <= val && val <= p->en_last)
1196 return p->en_names[val - p->en_first];
1197 }
1198 return NULL;
1199 }
1200
1201 /* find or construct a string to describe an enum value
1202 * Result may be in STATIC buffer!
1203 */
1204 const char *
1205 enum_show(enum_names *ed, unsigned long val)
1206 {
1207 const char *p = enum_name(ed, val);
1208
1209 if (p == NULL)
1210 {
1211 static char buf[12]; /* only one! I hope that it is big enough */
1212
1213 snprintf(buf, sizeof(buf), "%lu??", val);
1214 p = buf;
1215 }
1216 return p;
1217 }
1218
1219
1220 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1221
1222 int
1223 enum_search(enum_names *ed, const char *str)
1224 {
1225 enum_names *p;
1226 const char *ptr;
1227 unsigned en;
1228
1229 for (p = ed; p != NULL; p = p->en_next_range)
1230 {
1231 for (en = p->en_first; en <= p->en_last ;en++)
1232 {
1233 ptr = p->en_names[en - p->en_first];
1234 if (ptr == 0)
1235 {
1236 continue;
1237 }
1238 if (streq(ptr, str))
1239 {
1240 return en;
1241 }
1242 }
1243 }
1244 return -1;
1245 }
1246
1247 /* construct a string to name the bits on in a set
1248 * Result may be in STATIC buffer!
1249 * Note: prettypolicy depends on internal details.
1250 */
1251 const char* bitnamesof(const char *const table[], lset_t val)
1252 {
1253 char *p = bitnamesbuf;
1254 lset_t bit;
1255 const char *const *tp;
1256
1257 if (val == 0)
1258 return "none";
1259
1260 for (tp = table, bit = 01; val != 0; bit <<= 1)
1261 {
1262 if (val & bit)
1263 {
1264 const char *n = *tp;
1265 size_t nl;
1266
1267 if (n == NULL || *n == '\0')
1268 {
1269 /* no name for this bit, so use hex */
1270 static char flagbuf[sizeof("0x80000000")];
1271
1272 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1273 n = flagbuf;
1274 }
1275
1276 nl = strlen(n);
1277
1278 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1279 *p++ = '+';
1280
1281 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1282 {
1283 strcpy(p, n);
1284 p += nl;
1285 }
1286 val -= bit;
1287 }
1288 if (*tp != NULL)
1289 tp++; /* move on, but not past end */
1290 }
1291 *p = '\0';
1292 return bitnamesbuf;
1293 }
1294
1295 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1296 * Suppress the shunt and fail fields if 0.
1297 */
1298 const char* prettypolicy(lset_t policy)
1299 {
1300 const char *bn = bitnamesof(sa_policy_bit_names
1301 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1302 size_t len;
1303 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1304 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1305
1306 if (bn != bitnamesbuf)
1307 bitnamesbuf[0] = '\0';
1308 len = strlen(bitnamesbuf);
1309 if (shunt != 0)
1310 {
1311 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1312 , policy_shunt_names[shunt]);
1313 len += strlen(bitnamesbuf + len);
1314 }
1315 if (fail != 0)
1316 {
1317 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1318 , policy_fail_names[fail]);
1319 len += strlen(bitnamesbuf + len);
1320 }
1321 if (NEVER_NEGOTIATE(policy))
1322 {
1323 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1324 len += strlen(bitnamesbuf + len);
1325 }
1326 return bitnamesbuf;
1327 }
1328
1329 /* test a set by seeing if all bits have names */
1330
1331 bool testset(const char *const table[], lset_t val)
1332 {
1333 lset_t bit;
1334 const char *const *tp;
1335
1336 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1337 {
1338 const char *n = *tp;
1339
1340 if (n == NULL || ((val & bit) && *n == '\0'))
1341 return FALSE;
1342 val &= ~bit;
1343 }
1344 return TRUE;
1345 }
1346
1347
1348 const char sparse_end[] = "end of sparse names";
1349
1350 /* look up enum names in a sparse_names */
1351 const char *sparse_name(sparse_names sd, unsigned long val)
1352 {
1353 const struct sparse_name *p;
1354
1355 for (p = sd; p->name != sparse_end; p++)
1356 if (p->val == val)
1357 return p->name;
1358 return NULL;
1359 }
1360
1361 /* find or construct a string to describe an sparse value
1362 * Result may be in STATIC buffer!
1363 */
1364 const char* sparse_val_show(sparse_names sd, unsigned long val)
1365 {
1366 const char *p = sparse_name(sd, val);
1367
1368 if (p == NULL)
1369 {
1370 static char buf[12]; /* only one! I hope that it is big enough */
1371
1372 snprintf(buf, sizeof(buf), "%lu??", val);
1373 p = buf;
1374 }
1375 return p;
1376 }
1377
1378 void init_constants(void)
1379 {
1380 happy(anyaddr(AF_INET, &ipv4_any));
1381 happy(anyaddr(AF_INET6, &ipv6_any));
1382
1383 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1384 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1385
1386 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1387 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1388 }
1389
1390 u_char secret_of_the_day[HASH_SIZE_SHA1];
1391
1392
strongSwan - IPsec VPN