added bitnames for POLICY_BEET and POLICY_MOBIKE flags
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: constants.c,v 1.21 2006/03/27 07:38:59 as Exp $
15 */
16
17 /*
18 * Note that the array sizes are all specified; this is to enable range
19 * checking by code that only includes constants.h.
20 */
21
22 #include <stddef.h>
23 #include <string.h>
24 #include <stdio.h>
25 #include <netinet/in.h>
26
27 #include <freeswan.h>
28 #include <ipsec_policy.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef LIBCURL
42 " LIBCURL"
43 #endif
44 #ifdef LIBLDAP
45 " LIBLDAP"
46 #endif
47 #ifdef SMARTCARD
48 " SMARTCARD"
49 #endif
50 #ifdef VENDORID
51 " VENDORID"
52 #endif
53 #ifdef CISCO_QUIRKS
54 " CISCO_QUIRKS"
55 #endif
56 #ifdef USE_KEYRR
57 " KEYRR"
58 #endif
59 ;
60
61 /* version */
62
63 static const char *const version_name[] = {
64 "ISAKMP Version 1.0",
65 };
66
67 enum_names version_names =
68 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
69 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
70 version_name, NULL };
71
72 /* RFC 2459 CRL reason codes */
73
74 static const char *const crl_reason_name[] = {
75 "unspecified",
76 "key compromise",
77 "ca compromise",
78 "affiliation changed",
79 "superseded",
80 "cessation of operation",
81 "certificate hold",
82 "reason #7",
83 "remove from crl"
84 };
85
86 enum_names crl_reason_names =
87 { REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL, crl_reason_name, NULL};
88
89 /* RFC 3706 Dead Peer Detection */
90
91 static const char *const dpd_action_name[] = {
92 "none",
93 "clear",
94 "hold",
95 "restart"
96 };
97
98 enum_names dpd_action_names =
99 { DPD_ACTION_NONE, DPD_ACTION_RESTART, dpd_action_name, NULL};
100
101 /* Timer events */
102
103 static const char *const timer_event_name[] = {
104 "EVENT_NULL",
105 "EVENT_REINIT_SECRET",
106 "EVENT_SHUNT_SCAN",
107 "EVENT_SO_DISCARD",
108 "EVENT_RETRANSMIT",
109 "EVENT_SA_REPLACE",
110 "EVENT_SA_REPLACE_IF_USED",
111 "EVENT_SA_EXPIRE",
112 "EVENT_NAT_T_KEEPALIVE",
113 "EVENT_DPD",
114 "EVENT_DPD_TIMEOUT",
115 "EVENT_LOG_DAILY"
116 };
117
118 enum_names timer_event_names =
119 { EVENT_NULL, EVENT_LOG_DAILY, timer_event_name, NULL };
120
121 /* Domain of Interpretation */
122
123 static const char *const doi_name[] = {
124 "ISAKMP_DOI_ISAKMP",
125 "ISAKMP_DOI_IPSEC",
126 };
127
128 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
129
130 /* debugging settings: a set of selections for reporting
131 * These would be more naturally situated in log.h,
132 * but they are shared with whack.
133 * It turns out that "debug-" is clutter in all contexts this is used,
134 * so we leave it off.
135 */
136 #ifdef DEBUG
137 const char *const debug_bit_names[] = {
138 "raw",
139 "crypt",
140 "parsing",
141 "emitting",
142 "control",
143 "lifecycle",
144 "klips",
145 "dns",
146 "natt",
147 "oppo",
148 "controlmore",
149
150 "private",
151
152 "impair-delay-adns-key-answer",
153 "impair-delay-adns-txt-answer",
154 "impair-bust-mi2",
155 "impair-bust-mr2",
156
157 NULL
158 };
159 #endif
160
161 /* State of exchanges */
162
163 static const char *const state_name[] = {
164 "STATE_MAIN_R0",
165 "STATE_MAIN_I1",
166 "STATE_MAIN_R1",
167 "STATE_MAIN_I2",
168 "STATE_MAIN_R2",
169 "STATE_MAIN_I3",
170 "STATE_MAIN_R3",
171 "STATE_MAIN_I4",
172
173 "STATE_QUICK_R0",
174 "STATE_QUICK_I1",
175 "STATE_QUICK_R1",
176 "STATE_QUICK_I2",
177 "STATE_QUICK_R2",
178
179 "STATE_INFO",
180 "STATE_INFO_PROTECTED",
181
182 "STATE_XAUTH_I0",
183 "STATE_XAUTH_R1",
184 "STATE_XAUTH_I1",
185 "STATE_XAUTH_R2",
186 "STATE_XAUTH_I2",
187 "STATE_XAUTH_R3",
188
189 "STATE_MODE_CFG_R0",
190 "STATE_MODE_CFG_I1",
191 "STATE_MODE_CFG_R1",
192 "STATE_MODE_CFG_I2",
193
194 "STATE_MODE_CFG_I0",
195 "STATE_MODE_CFG_R3",
196 "STATE_MODE_CFG_I3",
197 "STATE_MODE_CFG_R4",
198
199 "STATE_IKE_ROOF"
200 };
201
202 enum_names state_names =
203 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
204
205 /* story for state */
206
207 const char *const state_story[] = {
208 "expecting MI1", /* STATE_MAIN_R0 */
209 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
210 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
211 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
212 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
213 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
214 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
215 "ISAKMP SA established", /* STATE_MAIN_I4 */
216
217 "expecting QI1", /* STATE_QUICK_R0 */
218 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
219 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
220 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
221 "IPsec SA established", /* STATE_QUICK_R2 */
222
223 "got Informational Message in clear", /* STATE_INFO */
224 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
225
226 "expecting XAUTH request", /* STATE_XAUTH_I0 */
227 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
228 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
229 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
230 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
231 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
232
233 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
234 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
235 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
236 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
237
238 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
239 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
240 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
241 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
242 };
243
244 /* kind of struct connection */
245
246 static const char *const connection_kind_name[] = {
247 "CK_GROUP", /* policy group: instantiates to template */
248 "CK_TEMPLATE", /* abstract connection, with wildcard */
249 "CK_PERMANENT", /* normal connection */
250 "CK_INSTANCE", /* instance of template, created for a particular attempt */
251 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
252 };
253
254 enum_names connection_kind_names =
255 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
256
257 /* routing status names */
258
259 static const char *const routing_story_strings[] = {
260 "unrouted", /* RT_UNROUTED: unrouted */
261 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
262 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
263 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
264 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
265 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
266 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
267 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
268 };
269
270 enum_names routing_story =
271 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
272
273 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
274
275 const char *const payload_name[] = {
276 "ISAKMP_NEXT_NONE",
277 "ISAKMP_NEXT_SA",
278 "ISAKMP_NEXT_P",
279 "ISAKMP_NEXT_T",
280 "ISAKMP_NEXT_KE",
281 "ISAKMP_NEXT_ID",
282 "ISAKMP_NEXT_CERT",
283 "ISAKMP_NEXT_CR",
284 "ISAKMP_NEXT_HASH",
285 "ISAKMP_NEXT_SIG",
286 "ISAKMP_NEXT_NONCE",
287 "ISAKMP_NEXT_N",
288 "ISAKMP_NEXT_D",
289 "ISAKMP_NEXT_VID",
290 "ISAKMP_NEXT_MODECFG",
291 "ISAKMP_NEXT_15",
292 "ISAKMP_NEXT_16",
293 "ISAKMP_NEXT_17",
294 "ISAKMP_NEXT_18",
295 "ISAKMP_NEXT_19",
296 "ISAKMP_NEXT_NAT-D",
297 "ISAKMP_NEXT_NAT-OA",
298 NULL
299 };
300
301 const char *const payload_name_nat_d[] = { "ISAKMP_NEXT_NAT-D",
302 "ISAKMP_NEXT_NAT-OA", NULL };
303
304 static enum_names payload_names_nat_d =
305 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
306
307 enum_names payload_names =
308 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
309
310 /* Exchange types (note: two discontinuous ranges) */
311
312 static const char *const exchange_name[] = {
313 "ISAKMP_XCHG_NONE",
314 "ISAKMP_XCHG_BASE",
315 "ISAKMP_XCHG_IDPROT",
316 "ISAKMP_XCHG_AO",
317 "ISAKMP_XCHG_AGGR",
318 "ISAKMP_XCHG_INFO",
319 "ISAKMP_XCHG_MODE_CFG",
320 };
321
322 static const char *const exchange_name2[] = {
323 "ISAKMP_XCHG_QUICK",
324 "ISAKMP_XCHG_NGRP",
325 "ISAKMP_XCHG_ACK_INFO",
326 };
327
328 static enum_names exchange_desc2 =
329 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
330
331 enum_names exchange_names =
332 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
333
334 /* Flag BITS */
335 const char *const flag_bit_names[] = {
336 "ISAKMP_FLAG_ENCRYPTION",
337 "ISAKMP_FLAG_COMMIT",
338 NULL
339 };
340
341 /* Situation BITS definition for IPsec DOI */
342
343 const char *const sit_bit_names[] = {
344 "SIT_IDENTITY_ONLY",
345 "SIT_SECRECY",
346 "SIT_INTEGRITY",
347 NULL
348 };
349
350 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
351
352 static const char *const protocol_name[] = {
353 "PROTO_ISAKMP",
354 "PROTO_IPSEC_AH",
355 "PROTO_IPSEC_ESP",
356 "PROTO_IPCOMP",
357 };
358
359 enum_names protocol_names =
360 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
361
362 /* IPsec ISAKMP transform values */
363
364 static const char *const isakmp_transform_name[] = {
365 "KEY_IKE",
366 };
367
368 enum_names isakmp_transformid_names =
369 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
370
371 /* IPsec AH transform values */
372
373 static const char *const ah_transform_name[] = {
374 "AH_MD5",
375 "AH_SHA",
376 "AH_DES",
377 "AH_SHA2_256",
378 "AH_SHA2_384",
379 "AH_SHA2_512",
380 "AH_RIPEMD"
381 };
382
383 enum_names ah_transformid_names =
384 { AH_MD5, AH_RIPEMD, ah_transform_name, NULL };
385
386 /* IPsec ESP transform values */
387
388 static const char *const esp_transform_name[] = {
389 "ESP_DES_IV64",
390 "ESP_DES",
391 "ESP_3DES",
392 "ESP_RC5",
393 "ESP_IDEA",
394 "ESP_CAST",
395 "ESP_BLOWFISH",
396 "ESP_3IDEA",
397 "ESP_DES_IV32",
398 "ESP_RC4",
399 "ESP_NULL",
400 "ESP_AES",
401 "ESP_AES-CTR",
402 "ESP_AES-CCM_8",
403 "ESP_AES-CCM_12",
404 "ESP_AES-CCM_16"
405 };
406
407 /*
408 * ipsec drafts suggest "high" ESP ids values for testing,
409 * assign generic ESP_ID<num> if not officially defined
410 */
411 static const char *const esp_transform_name_high[] = {
412 "ESP_SERPENT",
413 "ESP_TWOFISH"
414 };
415
416 enum_names esp_transformid_names_high =
417 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
418
419 enum_names esp_transformid_names =
420 { ESP_DES_IV64, ESP_AES_CCM_16, esp_transform_name, &esp_transformid_names_high };
421
422 /* IPCOMP transform values */
423
424 static const char *const ipcomp_transform_name[] = {
425 "IPCOMP_OUI",
426 "IPCOMP_DEFLAT",
427 "IPCOMP_LZS",
428 "IPCOMP_LZJH",
429 };
430
431 enum_names ipcomp_transformid_names =
432 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
433
434 /* Identification type values */
435
436 static const char *const ident_name[] = {
437 "ID_IPV4_ADDR",
438 "ID_FQDN",
439 "ID_USER_FQDN",
440 "ID_IPV4_ADDR_SUBNET",
441 "ID_IPV6_ADDR",
442 "ID_IPV6_ADDR_SUBNET",
443 "ID_IPV4_ADDR_RANGE",
444 "ID_IPV6_ADDR_RANGE",
445 "ID_DER_ASN1_DN",
446 "ID_DER_ASN1_GN",
447 "ID_KEY_ID",
448 };
449
450 enum_names ident_names =
451 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
452
453 /* Certificate type values */
454
455 static const char *const cert_type_name[] = {
456 "CERT_NONE",
457 "CERT_PKCS7_WRAPPED_X509",
458 "CERT_PGP",
459 "CERT_DNS_SIGNED_KEY",
460 "CERT_X509_SIGNATURE",
461 "CERT_X509_KEY_EXCHANGE",
462 "CERT_KERBEROS_TOKENS",
463 "CERT_CRL",
464 "CERT_ARL",
465 "CERT_SPKI",
466 "CERT_X509_ATTRIBUTE",
467 };
468
469 enum_names cert_type_names =
470 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
471
472 /* Certificate policy names */
473
474 static const char *const cert_policy_name[] = {
475 "ALWAYS_SEND",
476 "SEND_IF_ASKED",
477 "NEVER_SEND",
478 };
479
480 enum_names cert_policy_names =
481 { CERT_ALWAYS_SEND, CERT_NEVER_SEND, cert_policy_name, NULL };
482
483 /* Goal BITs for establishing an SA
484 * Note: we drop the POLICY_ prefix so that logs are more concise.
485 */
486
487 const char *const sa_policy_bit_names[] = {
488 "PSK",
489 "RSASIG",
490 "ENCRYPT",
491 "AUTHENTICATE",
492 "COMPRESS",
493 "TUNNEL",
494 "PFS",
495 "DISABLEARRIVALCHECK",
496 "SHUNT0",
497 "SHUNT1",
498 "FAILSHUNT0",
499 "FAILSHUNT1",
500 "DONTREKEY",
501 "OPPORTUNISTIC",
502 "GROUP",
503 "GROUTED",
504 "UP",
505 "MODECFGPUSH",
506 "XAUTHPSK",
507 "XAUTHRSASIG",
508 "XAUTHSERVER",
509 "DONTREAUTH",
510 "BEET",
511 "MOBIKE",
512 NULL
513 };
514
515 const char *const policy_shunt_names[4] = {
516 "TRAP",
517 "PASS",
518 "DROP",
519 "REJECT",
520 };
521
522 const char *const policy_fail_names[4] = {
523 "NONE",
524 "PASS",
525 "DROP",
526 "REJECT",
527 };
528
529 /* Oakley transform attributes
530 * oakley_attr_bit_names does double duty: it is used for enum names
531 * and bit names.
532 */
533
534 const char *const oakley_attr_bit_names[] = {
535 "OAKLEY_ENCRYPTION_ALGORITHM",
536 "OAKLEY_HASH_ALGORITHM",
537 "OAKLEY_AUTHENTICATION_METHOD",
538 "OAKLEY_GROUP_DESCRIPTION",
539 "OAKLEY_GROUP_TYPE",
540 "OAKLEY_GROUP_PRIME",
541 "OAKLEY_GROUP_GENERATOR_ONE",
542 "OAKLEY_GROUP_GENERATOR_TWO",
543 "OAKLEY_GROUP_CURVE_A",
544 "OAKLEY_GROUP_CURVE_B",
545 "OAKLEY_LIFE_TYPE",
546 "OAKLEY_LIFE_DURATION",
547 "OAKLEY_PRF",
548 "OAKLEY_KEY_LENGTH",
549 "OAKLEY_FIELD_SIZE",
550 "OAKLEY_GROUP_ORDER",
551 "OAKLEY_BLOCK_SIZE",
552 NULL
553 };
554
555 static const char *const oakley_var_attr_name[] = {
556 "OAKLEY_GROUP_PRIME (variable length)",
557 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
558 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
559 "OAKLEY_GROUP_CURVE_A (variable length)",
560 "OAKLEY_GROUP_CURVE_B (variable length)",
561 NULL,
562 "OAKLEY_LIFE_DURATION (variable length)",
563 NULL,
564 NULL,
565 NULL,
566 "OAKLEY_GROUP_ORDER (variable length)",
567 };
568
569 static enum_names oakley_attr_desc_tv = {
570 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
571 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
572
573 enum_names oakley_attr_names = {
574 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
575 oakley_var_attr_name, &oakley_attr_desc_tv };
576
577 /* for each Oakley attribute, which enum_names describes its values? */
578 enum_names *oakley_attr_val_descs[] = {
579 NULL, /* (none) */
580 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
581 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
582 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
583 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
584 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
585 NULL, /* OAKLEY_GROUP_PRIME */
586 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
587 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
588 NULL, /* OAKLEY_GROUP_CURVE_A */
589 NULL, /* OAKLEY_GROUP_CURVE_B */
590 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
591 NULL, /* OAKLEY_LIFE_DURATION */
592 &oakley_prf_names, /* OAKLEY_PRF */
593 NULL, /* OAKLEY_KEY_LENGTH */
594 NULL, /* OAKLEY_FIELD_SIZE */
595 NULL, /* OAKLEY_GROUP_ORDER */
596 };
597
598 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
599
600 static const char *const ipsec_attr_name[] = {
601 "SA_LIFE_TYPE",
602 "SA_LIFE_DURATION",
603 "GROUP_DESCRIPTION",
604 "ENCAPSULATION_MODE",
605 "AUTH_ALGORITHM",
606 "KEY_LENGTH",
607 "KEY_ROUNDS",
608 "COMPRESS_DICT_SIZE",
609 "COMPRESS_PRIVATE_ALG",
610 };
611
612 static const char *const ipsec_var_attr_name[] = {
613 "SA_LIFE_DURATION (variable length)",
614 NULL,
615 NULL,
616 NULL,
617 NULL,
618 NULL,
619 NULL,
620 "COMPRESS_PRIVATE_ALG (variable length)",
621 };
622
623 static enum_names ipsec_attr_desc_tv = {
624 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
625 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
626 ipsec_attr_name, NULL };
627
628 enum_names ipsec_attr_names = {
629 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
630 ipsec_var_attr_name, &ipsec_attr_desc_tv };
631
632 /* for each IPsec attribute, which enum_names describes its values? */
633 enum_names *ipsec_attr_val_descs[] = {
634 NULL, /* (none) */
635 &sa_lifetime_names, /* SA_LIFE_TYPE */
636 NULL, /* SA_LIFE_DURATION */
637 &oakley_group_names, /* GROUP_DESCRIPTION */
638 &enc_mode_names, /* ENCAPSULATION_MODE */
639 &auth_alg_names, /* AUTH_ALGORITHM */
640 NULL, /* KEY_LENGTH */
641 NULL, /* KEY_ROUNDS */
642 NULL, /* COMPRESS_DICT_SIZE */
643 NULL, /* COMPRESS_PRIVATE_ALG */
644 };
645
646 /* SA Lifetime Type attribute */
647
648 static const char *const sa_lifetime_name[] = {
649 "SA_LIFE_TYPE_SECONDS",
650 "SA_LIFE_TYPE_KBYTES",
651 };
652
653 enum_names sa_lifetime_names =
654 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
655
656 /* Encapsulation Mode attribute */
657
658 static const char *const enc_mode_name[] = {
659 "ENCAPSULATION_MODE_TUNNEL",
660 "ENCAPSULATION_MODE_TRANSPORT",
661 "ENCAPSULATION_MODE_UDP_TUNNEL",
662 "ENCAPSULATION_MODE_UDP_TRANSPORT",
663 };
664
665 static const char *const enc_udp_mode_name[] = {
666 "ENCAPSULATION_MODE_UDP_TUNNEL",
667 "ENCAPSULATION_MODE_UDP_TRANSPORT",
668 };
669
670 static enum_names enc_udp_mode_names =
671 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
672
673 enum_names enc_mode_names =
674 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
675
676 /* Auth Algorithm attribute */
677
678 static const char *const auth_alg_name[] = {
679 "AUTH_ALGORITHM_HMAC_MD5",
680 "AUTH_ALGORITHM_HMAC_SHA1",
681 "AUTH_ALGORITHM_DES_MAC",
682 "AUTH_ALGORITHM_KPDK",
683 "AUTH_ALGORITHM_HMAC_SHA2_256",
684 "AUTH_ALGORITHM_HMAC_SHA2_384",
685 "AUTH_ALGORITHM_HMAC_SHA2_512",
686 "AUTH_ALGORITHM_HMAC_RIPEMD",
687 };
688
689 static const char *const extended_auth_alg_name[] = {
690 "AUTH_ALGORITHM_NULL"
691 };
692
693 enum_names extended_auth_alg_names =
694 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
695
696 enum_names auth_alg_names =
697 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_HMAC_RIPEMD, auth_alg_name
698 , &extended_auth_alg_names };
699
700 /* From draft-beaulieu-ike-xauth */
701 static const char *const xauth_type_name[] = {
702 "Generic",
703 "RADIUS-CHAP",
704 "OTP",
705 "S/KEY",
706 };
707
708 enum_names xauth_type_names =
709 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
710
711 /* From draft-beaulieu-ike-xauth */
712 static const char *const xauth_attr_tv_name[] = {
713 "XAUTH_TYPE",
714 NULL,
715 NULL,
716 NULL,
717 NULL,
718 NULL,
719 NULL,
720 "XAUTH_STATUS",
721 };
722
723 enum_names xauth_attr_tv_names = {
724 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
725 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
726
727 static const char *const unity_attr_name[] = {
728 "UNITY_BANNER",
729 "UNITY_SAVE_PASSWD",
730 "UNITY_DEF_DOMAIN",
731 "UNITY_SPLITDNS_NAME",
732 "UNITY_SPLIT_INCLUDE",
733 "UNITY_NATT_PORT",
734 "UNITY_LOCAL_LAN",
735 "UNITY_PFS",
736 "UNITY_FW_TYPE",
737 "UNITY_BACKUP_SERVERS",
738 "UNITY_DDNS_HOSTNAME",
739 };
740
741 enum_names unity_attr_names =
742 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
743
744
745 static const char *const xauth_attr_name[] = {
746 "XAUTH_USER_NAME",
747 "XAUTH_USER_PASSWORD",
748 "XAUTH_PASSCODE",
749 "XAUTH_MESSAGE",
750 "XAUTH_CHALLENGE",
751 "XAUTH_DOMAIN",
752 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
753 "XAUTH_NEXT_PIN",
754 "XAUTH_ANSWER",
755 };
756
757 enum_names xauth_attr_names =
758 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &unity_attr_names };
759
760 static const char *const modecfg_attr_name[] = {
761 "INTERNAL_IP4_ADDRESS",
762 "INTERNAL_IP4_NETMASK",
763 "INTERNAL_IP4_DNS",
764 "INTERNAL_IP4_NBNS",
765 "INTERNAL_ADDRESS_EXPIRY",
766 "INTERNAL_IP4_DHCP",
767 "APPLICATION_VERSION",
768 "INTERNAL_IP6_ADDRESS",
769 "INTERNAL_IP6_NETMASK",
770 "INTERNAL_IP6_DNS",
771 "INTERNAL_IP6_NBNS",
772 "INTERNAL_IP6_DHCP",
773 "INTERNAL_IP4_SUBNET",
774 "SUPPORTED_ATTRIBUTES",
775 "INTERNAL_IP6_SUBNET",
776 };
777
778 enum_names modecfg_attr_names =
779 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
780
781 /* Oakley Lifetime Type attribute */
782
783 static const char *const oakley_lifetime_name[] = {
784 "OAKLEY_LIFE_SECONDS",
785 "OAKLEY_LIFE_KILOBYTES",
786 };
787
788 enum_names oakley_lifetime_names =
789 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
790
791 /* Oakley PRF attribute (none defined) */
792
793 enum_names oakley_prf_names =
794 { 1, 0, NULL, NULL };
795
796 /* Oakley Encryption Algorithm attribute */
797
798 static const char *const oakley_enc_name[] = {
799 "OAKLEY_DES_CBC",
800 "OAKLEY_IDEA_CBC",
801 "OAKLEY_BLOWFISH_CBC",
802 "OAKLEY_RC5_R16_B64_CBC",
803 "OAKLEY_3DES_CBC",
804 "OAKLEY_CAST_CBC",
805 "OAKLEY_AES_CBC",
806 };
807
808 #ifdef NO_EXTRA_IKE
809 enum_names oakley_enc_names =
810 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name, NULL };
811 #else
812 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
813 "OAKLEY_MARS_CBC" /* 65001 */,
814 "OAKLEY_RC6_CBC" /* 65002 */,
815 "OAKLEY_ID_65003" /* 65003 */,
816 "OAKLEY_SERPENT_CBC" /* 65004 */,
817 "OAKLEY_TWOFISH_CBC" /* 65005 */,
818 };
819 static const char *const oakley_enc_name_ssh[] = {
820 "OAKLEY_TWOFISH_CBC_SSH",
821 };
822 enum_names oakley_enc_names_ssh =
823 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
824 , NULL };
825
826 enum_names oakley_enc_names_draft_aes_cbc_02 =
827 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
828 , &oakley_enc_names_ssh };
829
830 enum_names oakley_enc_names =
831 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name
832 , &oakley_enc_names_draft_aes_cbc_02 };
833 #endif
834
835 /* Oakley Hash Algorithm attribute */
836
837 static const char *const oakley_hash_name[] = {
838 "OAKLEY_MD5",
839 "OAKLEY_SHA",
840 "OAKLEY_TIGER",
841 "OAKLEY_SHA2_256",
842 "OAKLEY_SHA2_384",
843 "OAKLEY_SHA2_512",
844 };
845
846 enum_names oakley_hash_names =
847 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
848
849 /* Oakley Authentication Method attribute */
850
851 static const char *const oakley_auth_name1[] = {
852 "OAKLEY_PRESHARED_KEY",
853 "OAKLEY_DSS_SIG",
854 "OAKLEY_RSA_SIG",
855 "OAKLEY_RSA_ENC",
856 "OAKLEY_RSA_ENC_REV",
857 "OAKLEY_ELGAMAL_ENC",
858 "OAKLEY_ELGAMAL_ENC_REV",
859 };
860
861 static const char *const oakley_auth_name2[] = {
862 "HybridInitRSA",
863 "HybridRespRSA",
864 "HybridInitDSS",
865 "HybridRespDSS",
866 };
867
868 static const char *const oakley_auth_name3[] = {
869 "XAUTHInitPreShared",
870 "XAUTHRespPreShared",
871 "XAUTHInitDSS",
872 "XAUTHRespDSS",
873 "XAUTHInitRSA",
874 "XAUTHRespRSA",
875 "XAUTHInitRSAEncryption",
876 "XAUTHRespRSAEncryption",
877 "XAUTHInitRSARevisedEncryption",
878 "XAUTHRespRSARevisedEncryption",
879 };
880
881 static enum_names oakley_auth_names1 =
882 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
883 , oakley_auth_name1, NULL };
884
885 static enum_names oakley_auth_names2 =
886 { HybridInitRSA, HybridRespDSS
887 , oakley_auth_name2, &oakley_auth_names1 };
888
889 enum_names oakley_auth_names =
890 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
891 , oakley_auth_name3, &oakley_auth_names2 };
892
893 /* Oakley Group Description attribute */
894
895 static const char *const oakley_group_name[] = {
896 "OAKLEY_GROUP_MODP768",
897 "OAKLEY_GROUP_MODP1024",
898 "OAKLEY_GROUP_GP155",
899 "OAKLEY_GROUP_GP185",
900 "OAKLEY_GROUP_MODP1536",
901 };
902
903 static const char *const oakley_group_name_rfc3526[] = {
904 "OAKLEY_GROUP_MODP2048",
905 "OAKLEY_GROUP_MODP3072",
906 "OAKLEY_GROUP_MODP4096",
907 "OAKLEY_GROUP_MODP6144",
908 "OAKLEY_GROUP_MODP8192"
909 };
910 enum_names oakley_group_names_rfc3526 =
911 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
912 oakley_group_name_rfc3526, NULL };
913
914 enum_names oakley_group_names =
915 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
916 oakley_group_name, &oakley_group_names_rfc3526 };
917
918 /* Oakley Group Type attribute */
919
920 static const char *const oakley_group_type_name[] = {
921 "OAKLEY_GROUP_TYPE_MODP",
922 "OAKLEY_GROUP_TYPE_ECP",
923 "OAKLEY_GROUP_TYPE_EC2N",
924 };
925
926 enum_names oakley_group_type_names =
927 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
928
929 /* Notify messages -- error types */
930
931 static const char *const notification_name[] = {
932 "INVALID_PAYLOAD_TYPE",
933 "DOI_NOT_SUPPORTED",
934 "SITUATION_NOT_SUPPORTED",
935 "INVALID_COOKIE",
936 "INVALID_MAJOR_VERSION",
937 "INVALID_MINOR_VERSION",
938 "INVALID_EXCHANGE_TYPE",
939 "INVALID_FLAGS",
940 "INVALID_MESSAGE_ID",
941 "INVALID_PROTOCOL_ID",
942 "INVALID_SPI",
943 "INVALID_TRANSFORM_ID",
944 "ATTRIBUTES_NOT_SUPPORTED",
945 "NO_PROPOSAL_CHOSEN",
946 "BAD_PROPOSAL_SYNTAX",
947 "PAYLOAD_MALFORMED",
948 "INVALID_KEY_INFORMATION",
949 "INVALID_ID_INFORMATION",
950 "INVALID_CERT_ENCODING",
951 "INVALID_CERTIFICATE",
952 "CERT_TYPE_UNSUPPORTED",
953 "INVALID_CERT_AUTHORITY",
954 "INVALID_HASH_INFORMATION",
955 "AUTHENTICATION_FAILED",
956 "INVALID_SIGNATURE",
957 "ADDRESS_NOTIFICATION",
958 "NOTIFY_SA_LIFETIME",
959 "CERTIFICATE_UNAVAILABLE",
960 "UNSUPPORTED_EXCHANGE_TYPE",
961 "UNEQUAL_PAYLOAD_LENGTHS",
962 };
963
964 static const char *const notification_status_name[] = {
965 "CONNECTED",
966 };
967
968 static const char *const ipsec_notification_name[] = {
969 "IPSEC_RESPONDER_LIFETIME",
970 "IPSEC_REPLAY_STATUS",
971 "IPSEC_INITIAL_CONTACT",
972 };
973
974 static const char *const notification_dpd_name[] = {
975 "R_U_THERE",
976 "R_U_THERE_ACK",
977 };
978
979 enum_names notification_dpd_names =
980 { R_U_THERE, R_U_THERE_ACK,
981 notification_dpd_name, NULL };
982
983 enum_names ipsec_notification_names =
984 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
985 ipsec_notification_name, &notification_dpd_names };
986
987 enum_names notification_status_names =
988 { CONNECTED, CONNECTED,
989 notification_status_name, &ipsec_notification_names };
990
991 enum_names notification_names =
992 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
993 notification_name, &notification_status_names };
994
995 /* MODECFG
996 * From draft-dukes-ike-mode-cfg
997 */
998 const char *const attr_msg_type_name[] = {
999 "ISAKMP_CFG_RESERVED",
1000 "ISAKMP_CFG_REQUEST",
1001 "ISAKMP_CFG_REPLY",
1002 "ISAKMP_CFG_SET",
1003 "ISAKMP_CFG_ACK",
1004 NULL
1005 };
1006
1007 enum_names attr_msg_type_names =
1008 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1009
1010 /* socket address family info */
1011
1012 static const char *const af_inet_name[] = {
1013 "AF_INET",
1014 };
1015
1016 static const char *const af_inet6_name[] = {
1017 "AF_INET6",
1018 };
1019
1020 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1021
1022 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1023
1024 static ip_address ipv4_any, ipv6_any;
1025 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1026 static ip_subnet ipv4_all, ipv6_all;
1027
1028 const struct af_info af_inet4_info = {
1029 AF_INET,
1030 "AF_INET",
1031 sizeof(struct in_addr),
1032 sizeof(struct sockaddr_in),
1033 32,
1034 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1035 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1036 };
1037
1038 const struct af_info af_inet6_info = {
1039 AF_INET6,
1040 "AF_INET6",
1041 sizeof(struct in6_addr),
1042 sizeof(struct sockaddr_in6),
1043 128,
1044 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1045 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1046 };
1047
1048 const struct af_info *
1049 aftoinfo(int af)
1050 {
1051 switch (af)
1052 {
1053 case AF_INET:
1054 return &af_inet4_info;
1055 case AF_INET6:
1056 return &af_inet6_info;
1057 default:
1058 return NULL;
1059 }
1060 }
1061
1062 bool
1063 subnetisnone(const ip_subnet *sn)
1064 {
1065 ip_address base;
1066
1067 networkof(sn, &base);
1068 return isanyaddr(&base) && subnetishost(sn);
1069 }
1070
1071 /* BIND enumerated types */
1072
1073 #include <arpa/nameser.h>
1074
1075 static const char *const rr_type_name[] = {
1076 "T_A", /* 1 host address */
1077 "T_NS", /* 2 authoritative server */
1078 "T_MD", /* 3 mail destination */
1079 "T_MF", /* 4 mail forwarder */
1080 "T_CNAME", /* 5 canonical name */
1081 "T_SOA", /* 6 start of authority zone */
1082 "T_MB", /* 7 mailbox domain name */
1083 "T_MG", /* 8 mail group member */
1084 "T_MR", /* 9 mail rename name */
1085 "T_NULL", /* 10 null resource record */
1086 "T_WKS", /* 11 well known service */
1087 "T_PTR", /* 12 domain name pointer */
1088 "T_HINFO", /* 13 host information */
1089 "T_MINFO", /* 14 mailbox information */
1090 "T_MX", /* 15 mail routing information */
1091 "T_TXT", /* 16 text strings */
1092 "T_RP", /* 17 responsible person */
1093 "T_AFSDB", /* 18 AFS cell database */
1094 "T_X25", /* 19 X_25 calling address */
1095 "T_ISDN", /* 20 ISDN calling address */
1096 "T_RT", /* 21 router */
1097 "T_NSAP", /* 22 NSAP address */
1098 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1099 "T_SIG", /* 24 security signature */
1100 "T_KEY", /* 25 security key */
1101 "T_PX", /* 26 X.400 mail mapping */
1102 "T_GPOS", /* 27 geographical position (withdrawn) */
1103 "T_AAAA", /* 28 IP6 Address */
1104 "T_LOC", /* 29 Location Information */
1105 "T_NXT", /* 30 Next Valid Name in Zone */
1106 "T_EID", /* 31 Endpoint identifier */
1107 "T_NIMLOC", /* 32 Nimrod locator */
1108 "T_SRV", /* 33 Server selection */
1109 "T_ATMA", /* 34 ATM Address */
1110 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1111 NULL
1112 };
1113
1114 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1115
1116 /* Query type values which do not appear in resource records */
1117 static const char *const rr_qtype_name[] = {
1118 "T_IXFR", /* 251 incremental zone transfer */
1119 "T_AXFR", /* 252 transfer zone of authority */
1120 "T_MAILB", /* 253 transfer mailbox records */
1121 "T_MAILA", /* 254 transfer mail agent records */
1122 "T_ANY", /* 255 wildcard match */
1123 NULL
1124 };
1125
1126 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1127
1128 static const char *const rr_class_name[] = {
1129 "C_IN", /* 1 the arpa internet */
1130 NULL
1131 };
1132
1133 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1134
1135 /*
1136 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1137 *
1138 */
1139 const char *const natt_type_bitnames[] = {
1140 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1141 "draft-ietf-ipsec-nat-t-ike-02/03",
1142 "RFC 3947",
1143 "3", /* 3 */
1144 "4", "5", "6", "7",
1145 "8", "9", "10", "11",
1146 "12", "13", "14", "15",
1147 "16", "17", "18", "19",
1148 "20", "21", "22", "23",
1149 "24", "25", "26", "27",
1150 "28", "29",
1151 "nat is behind me",
1152 "nat is behind peer"
1153 };
1154
1155 /* look up enum names in an enum_names */
1156
1157 const char *
1158 enum_name(enum_names *ed, unsigned long val)
1159 {
1160 enum_names *p;
1161
1162 for (p = ed; p != NULL; p = p->en_next_range)
1163 {
1164 if (p->en_first <= val && val <= p->en_last)
1165 return p->en_names[val - p->en_first];
1166 }
1167 return NULL;
1168 }
1169
1170 /* find or construct a string to describe an enum value
1171 * Result may be in STATIC buffer!
1172 */
1173 const char *
1174 enum_show(enum_names *ed, unsigned long val)
1175 {
1176 const char *p = enum_name(ed, val);
1177
1178 if (p == NULL)
1179 {
1180 static char buf[12]; /* only one! I hope that it is big enough */
1181
1182 snprintf(buf, sizeof(buf), "%lu??", val);
1183 p = buf;
1184 }
1185 return p;
1186 }
1187
1188
1189 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1190
1191 int
1192 enum_search(enum_names *ed, const char *str)
1193 {
1194 enum_names *p;
1195 const char *ptr;
1196 unsigned en;
1197
1198 for (p = ed; p != NULL; p = p->en_next_range)
1199 for (en = p->en_first; en <= p->en_last ;en++)
1200 {
1201 ptr = p->en_names[en - p->en_first];
1202 if (ptr == 0) continue;
1203 /* if (strncmp(ptr, str, strlen(ptr))==0) */
1204 if (strcmp(ptr, str) == 0)
1205 return en;
1206 }
1207 return -1;
1208 }
1209
1210 /* construct a string to name the bits on in a set
1211 * Result may be in STATIC buffer!
1212 * Note: prettypolicy depends on internal details.
1213 */
1214 const char *
1215 bitnamesof(const char *const table[], lset_t val)
1216 {
1217 char *p = bitnamesbuf;
1218 lset_t bit;
1219 const char *const *tp;
1220
1221 if (val == 0)
1222 return "none";
1223
1224 for (tp = table, bit = 01; val != 0; bit <<= 1)
1225 {
1226 if (val & bit)
1227 {
1228 const char *n = *tp;
1229 size_t nl;
1230
1231 if (n == NULL || *n == '\0')
1232 {
1233 /* no name for this bit, so use hex */
1234 static char flagbuf[sizeof("0x80000000")];
1235
1236 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1237 n = flagbuf;
1238 }
1239
1240 nl = strlen(n);
1241
1242 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1243 *p++ = '+';
1244
1245 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1246 {
1247 strcpy(p, n);
1248 p += nl;
1249 }
1250 val -= bit;
1251 }
1252 if (*tp != NULL)
1253 tp++; /* move on, but not past end */
1254 }
1255 *p = '\0';
1256 return bitnamesbuf;
1257 }
1258
1259 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1260 * Suppress the shunt and fail fields if 0.
1261 */
1262 const char *
1263 prettypolicy(lset_t policy)
1264 {
1265 const char *bn = bitnamesof(sa_policy_bit_names
1266 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1267 size_t len;
1268 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1269 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1270
1271 if (bn != bitnamesbuf)
1272 bitnamesbuf[0] = '\0';
1273 len = strlen(bitnamesbuf);
1274 if (shunt != 0)
1275 {
1276 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1277 , policy_shunt_names[shunt]);
1278 len += strlen(bitnamesbuf + len);
1279 }
1280 if (fail != 0)
1281 {
1282 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1283 , policy_fail_names[fail]);
1284 len += strlen(bitnamesbuf + len);
1285 }
1286 if (NEVER_NEGOTIATE(policy))
1287 {
1288 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1289 len += strlen(bitnamesbuf + len);
1290 }
1291 return bitnamesbuf;
1292 }
1293
1294 /* test a set by seeing if all bits have names */
1295
1296 bool
1297 testset(const char *const table[], lset_t val)
1298 {
1299 lset_t bit;
1300 const char *const *tp;
1301
1302 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1303 {
1304 const char *n = *tp;
1305
1306 if (n == NULL || ((val & bit) && *n == '\0'))
1307 return FALSE;
1308 val &= ~bit;
1309 }
1310 return TRUE;
1311 }
1312
1313
1314 const char sparse_end[] = "end of sparse names";
1315
1316 /* look up enum names in a sparse_names */
1317 const char *sparse_name(sparse_names sd, unsigned long val)
1318 {
1319 const struct sparse_name *p;
1320
1321 for (p = sd; p->name != sparse_end; p++)
1322 if (p->val == val)
1323 return p->name;
1324 return NULL;
1325 }
1326
1327 /* find or construct a string to describe an sparse value
1328 * Result may be in STATIC buffer!
1329 */
1330 const char *
1331 sparse_val_show(sparse_names sd, unsigned long val)
1332 {
1333 const char *p = sparse_name(sd, val);
1334
1335 if (p == NULL)
1336 {
1337 static char buf[12]; /* only one! I hope that it is big enough */
1338
1339 snprintf(buf, sizeof(buf), "%lu??", val);
1340 p = buf;
1341 }
1342 return p;
1343 }
1344
1345 void init_constants(void)
1346 {
1347 happy(anyaddr(AF_INET, &ipv4_any));
1348 happy(anyaddr(AF_INET6, &ipv6_any));
1349
1350 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1351 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1352
1353 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1354 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1355 }