added OAKLEY_CAMELLIA
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 /*
16 * Note that the array sizes are all specified; this is to enable range
17 * checking by code that only includes constants.h.
18 */
19
20 #include <stddef.h>
21 #include <string.h>
22 #include <stdio.h>
23 #include <netinet/in.h>
24
25 #include <freeswan.h>
26 #include <ipsec_policy.h>
27
28 #include "constants.h"
29 #include "defs.h"
30 #include "log.h"
31 #include "packet.h"
32
33 /* string naming compile-time options that have interop implications */
34
35 const char compile_time_interop_options[] = ""
36 #ifdef THREADS
37 " THREADS"
38 #endif
39 #ifdef SMARTCARD
40 " SMARTCARD"
41 #endif
42 #ifdef VENDORID
43 " VENDORID"
44 #endif
45 #ifdef CISCO_QUIRKS
46 " CISCO_QUIRKS"
47 #endif
48 #ifdef USE_KEYRR
49 " KEYRR"
50 #endif
51 ;
52
53 /* version */
54
55 static const char *const version_name[] = {
56 "ISAKMP Version 1.0",
57 };
58
59 enum_names version_names =
60 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
61 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
62 version_name, NULL };
63
64 /* RFC 2459 CRL reason codes */
65
66 ENUM(crl_reason_names, REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL,
67 "unspecified",
68 "key compromise",
69 "ca compromise",
70 "affiliation changed",
71 "superseded",
72 "cessation of operation",
73 "certificate hold",
74 "reason #7",
75 "remove from crl"
76 );
77
78 /* RFC 3706 Dead Peer Detection */
79
80 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
81 "none",
82 "clear",
83 "hold",
84 "restart"
85 );
86
87 /* Timer events */
88
89 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
90 "EVENT_NULL",
91 "EVENT_REINIT_SECRET",
92 "EVENT_SHUNT_SCAN",
93 "EVENT_SO_DISCARD",
94 "EVENT_RETRANSMIT",
95 "EVENT_SA_REPLACE",
96 "EVENT_SA_REPLACE_IF_USED",
97 "EVENT_SA_EXPIRE",
98 "EVENT_NAT_T_KEEPALIVE",
99 "EVENT_DPD",
100 "EVENT_DPD_TIMEOUT",
101 "EVENT_LOG_DAILY"
102 );
103
104 /* Domain of Interpretation */
105
106 static const char *const doi_name[] = {
107 "ISAKMP_DOI_ISAKMP",
108 "ISAKMP_DOI_IPSEC",
109 };
110
111 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
112
113 /* debugging settings: a set of selections for reporting
114 * These would be more naturally situated in log.h,
115 * but they are shared with whack.
116 * It turns out that "debug-" is clutter in all contexts this is used,
117 * so we leave it off.
118 */
119 #ifdef DEBUG
120 const char *const debug_bit_names[] = {
121 "raw",
122 "crypt",
123 "parsing",
124 "emitting",
125 "control",
126 "lifecycle",
127 "klips",
128 "dns",
129 "natt",
130 "oppo",
131 "controlmore",
132
133 "private",
134
135 "impair-delay-adns-key-answer",
136 "impair-delay-adns-txt-answer",
137 "impair-bust-mi2",
138 "impair-bust-mr2",
139
140 NULL
141 };
142 #endif
143
144 /* State of exchanges */
145
146 static const char *const state_name[] = {
147 "STATE_MAIN_R0",
148 "STATE_MAIN_I1",
149 "STATE_MAIN_R1",
150 "STATE_MAIN_I2",
151 "STATE_MAIN_R2",
152 "STATE_MAIN_I3",
153 "STATE_MAIN_R3",
154 "STATE_MAIN_I4",
155
156 "STATE_QUICK_R0",
157 "STATE_QUICK_I1",
158 "STATE_QUICK_R1",
159 "STATE_QUICK_I2",
160 "STATE_QUICK_R2",
161
162 "STATE_INFO",
163 "STATE_INFO_PROTECTED",
164
165 "STATE_XAUTH_I0",
166 "STATE_XAUTH_R1",
167 "STATE_XAUTH_I1",
168 "STATE_XAUTH_R2",
169 "STATE_XAUTH_I2",
170 "STATE_XAUTH_R3",
171
172 "STATE_MODE_CFG_R0",
173 "STATE_MODE_CFG_I1",
174 "STATE_MODE_CFG_R1",
175 "STATE_MODE_CFG_I2",
176
177 "STATE_MODE_CFG_I0",
178 "STATE_MODE_CFG_R3",
179 "STATE_MODE_CFG_I3",
180 "STATE_MODE_CFG_R4",
181
182 "STATE_IKE_ROOF"
183 };
184
185 enum_names state_names =
186 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
187
188 /* story for state */
189
190 const char *const state_story[] = {
191 "expecting MI1", /* STATE_MAIN_R0 */
192 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
193 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
194 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
195 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
196 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
197 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
198 "ISAKMP SA established", /* STATE_MAIN_I4 */
199
200 "expecting QI1", /* STATE_QUICK_R0 */
201 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
202 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
203 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
204 "IPsec SA established", /* STATE_QUICK_R2 */
205
206 "got Informational Message in clear", /* STATE_INFO */
207 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
208
209 "expecting XAUTH request", /* STATE_XAUTH_I0 */
210 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
211 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
212 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
213 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
214 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
215
216 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
217 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
218 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
219 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
220
221 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
222 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
223 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
224 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
225 };
226
227 /* kind of struct connection */
228
229 static const char *const connection_kind_name[] = {
230 "CK_GROUP", /* policy group: instantiates to template */
231 "CK_TEMPLATE", /* abstract connection, with wildcard */
232 "CK_PERMANENT", /* normal connection */
233 "CK_INSTANCE", /* instance of template, created for a particular attempt */
234 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
235 };
236
237 enum_names connection_kind_names =
238 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
239
240 /* routing status names */
241
242 static const char *const routing_story_strings[] = {
243 "unrouted", /* RT_UNROUTED: unrouted */
244 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
245 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
246 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
247 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
248 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
249 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
250 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
251 };
252
253 enum_names routing_story =
254 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
255
256 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
257
258 const char *const payload_name[] = {
259 "ISAKMP_NEXT_NONE",
260 "ISAKMP_NEXT_SA",
261 "ISAKMP_NEXT_P",
262 "ISAKMP_NEXT_T",
263 "ISAKMP_NEXT_KE",
264 "ISAKMP_NEXT_ID",
265 "ISAKMP_NEXT_CERT",
266 "ISAKMP_NEXT_CR",
267 "ISAKMP_NEXT_HASH",
268 "ISAKMP_NEXT_SIG",
269 "ISAKMP_NEXT_NONCE",
270 "ISAKMP_NEXT_N",
271 "ISAKMP_NEXT_D",
272 "ISAKMP_NEXT_VID",
273 "ISAKMP_NEXT_MODECFG",
274 "ISAKMP_NEXT_15",
275 "ISAKMP_NEXT_16",
276 "ISAKMP_NEXT_17",
277 "ISAKMP_NEXT_18",
278 "ISAKMP_NEXT_19",
279 "ISAKMP_NEXT_NAT-D",
280 "ISAKMP_NEXT_NAT-OA",
281 NULL
282 };
283
284 const char *const payload_name_nat_d[] = {
285 "ISAKMP_NEXT_NAT-D",
286 "ISAKMP_NEXT_NAT-OA", NULL
287 };
288
289 static enum_names payload_names_nat_d =
290 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
291
292 enum_names payload_names =
293 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
294
295 /* Exchange types (note: two discontinuous ranges) */
296
297 static const char *const exchange_name[] = {
298 "ISAKMP_XCHG_NONE",
299 "ISAKMP_XCHG_BASE",
300 "ISAKMP_XCHG_IDPROT",
301 "ISAKMP_XCHG_AO",
302 "ISAKMP_XCHG_AGGR",
303 "ISAKMP_XCHG_INFO",
304 "ISAKMP_XCHG_MODE_CFG",
305 };
306
307 static const char *const exchange_name2[] = {
308 "ISAKMP_XCHG_QUICK",
309 "ISAKMP_XCHG_NGRP",
310 "ISAKMP_XCHG_ACK_INFO",
311 };
312
313 static enum_names exchange_desc2 =
314 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
315
316 enum_names exchange_names =
317 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
318
319 /* Flag BITS */
320 const char *const flag_bit_names[] = {
321 "ISAKMP_FLAG_ENCRYPTION",
322 "ISAKMP_FLAG_COMMIT",
323 NULL
324 };
325
326 /* Situation BITS definition for IPsec DOI */
327
328 const char *const sit_bit_names[] = {
329 "SIT_IDENTITY_ONLY",
330 "SIT_SECRECY",
331 "SIT_INTEGRITY",
332 NULL
333 };
334
335 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
336
337 static const char *const protocol_name[] = {
338 "PROTO_ISAKMP",
339 "PROTO_IPSEC_AH",
340 "PROTO_IPSEC_ESP",
341 "PROTO_IPCOMP",
342 };
343
344 enum_names protocol_names =
345 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
346
347 /* IPsec ISAKMP transform values */
348
349 static const char *const isakmp_transform_name[] = {
350 "KEY_IKE",
351 };
352
353 enum_names isakmp_transformid_names =
354 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
355
356 /* IPsec AH transform values */
357
358 static const char *const ah_transform_name[] = {
359 "AH_MD5",
360 "AH_SHA",
361 "AH_DES",
362 "AH_SHA2_256",
363 "AH_SHA2_384",
364 "AH_SHA2_512",
365 "AH_RIPEMD",
366 "AH_AES_XCBC_MAC",
367 "AH_RSA"
368 };
369
370 enum_names ah_transformid_names =
371 { AH_MD5, AH_RSA, ah_transform_name, NULL };
372
373 /* IPsec ESP transform values */
374
375 static const char *const esp_transform_name[] = {
376 "ESP_DES_IV64",
377 "ESP_DES",
378 "ESP_3DES",
379 "ESP_RC5",
380 "ESP_IDEA",
381 "ESP_CAST",
382 "ESP_BLOWFISH",
383 "ESP_3IDEA",
384 "ESP_DES_IV32",
385 "ESP_RC4",
386 "ESP_NULL",
387 "ESP_AES",
388 "ESP_AES-CTR",
389 "ESP_AES-CCM_8",
390 "ESP_AES-CCM_12",
391 "ESP_AES-CCM_16",
392 "ESP_UNASSIGNED_17",
393 "ESP_AES_GCM_8",
394 "ESP_AES_GCM_12",
395 "ESP_AES_GCM_16",
396 "ESP_SEED_CBC",
397 "ESP_CAMELLIA"
398 };
399
400 /*
401 * ipsec drafts suggest "high" ESP ids values for testing,
402 * assign generic ESP_ID<num> if not officially defined
403 */
404 static const char *const esp_transform_name_high[] = {
405 "ESP_SERPENT",
406 "ESP_TWOFISH"
407 };
408
409 enum_names esp_transformid_names_high =
410 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
411
412 enum_names esp_transformid_names =
413 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
414
415 /* IPCOMP transform values */
416
417 static const char *const ipcomp_transform_name[] = {
418 "IPCOMP_OUI",
419 "IPCOMP_DEFLAT",
420 "IPCOMP_LZS",
421 "IPCOMP_LZJH",
422 };
423
424 enum_names ipcomp_transformid_names =
425 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
426
427 /* Identification type values */
428
429 static const char *const ident_name[] = {
430 "ID_IPV4_ADDR",
431 "ID_FQDN",
432 "ID_USER_FQDN",
433 "ID_IPV4_ADDR_SUBNET",
434 "ID_IPV6_ADDR",
435 "ID_IPV6_ADDR_SUBNET",
436 "ID_IPV4_ADDR_RANGE",
437 "ID_IPV6_ADDR_RANGE",
438 "ID_DER_ASN1_DN",
439 "ID_DER_ASN1_GN",
440 "ID_KEY_ID",
441 };
442
443 enum_names ident_names =
444 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
445
446 /* Certificate type values */
447
448 static const char *const cert_type_name[] = {
449 "CERT_NONE",
450 "CERT_PKCS7_WRAPPED_X509",
451 "CERT_PGP",
452 "CERT_DNS_SIGNED_KEY",
453 "CERT_X509_SIGNATURE",
454 "CERT_X509_KEY_EXCHANGE",
455 "CERT_KERBEROS_TOKENS",
456 "CERT_CRL",
457 "CERT_ARL",
458 "CERT_SPKI",
459 "CERT_X509_ATTRIBUTE",
460 };
461
462 enum_names cert_type_names =
463 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
464
465 /* Certificate policy names */
466
467 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
468 "ALWAYS_SEND",
469 "SEND_IF_ASKED",
470 "NEVER_SEND",
471 );
472
473 /* Goal BITs for establishing an SA
474 * Note: we drop the POLICY_ prefix so that logs are more concise.
475 */
476
477 const char *const sa_policy_bit_names[] = {
478 "PSK",
479 "RSASIG",
480 "ENCRYPT",
481 "AUTHENTICATE",
482 "COMPRESS",
483 "TUNNEL",
484 "PFS",
485 "DISABLEARRIVALCHECK",
486 "SHUNT0",
487 "SHUNT1",
488 "FAILSHUNT0",
489 "FAILSHUNT1",
490 "DONTREKEY",
491 "OPPORTUNISTIC",
492 "GROUP",
493 "GROUTED",
494 "UP",
495 "MODECFGPUSH",
496 "XAUTHPSK",
497 "XAUTHRSASIG",
498 "XAUTHSERVER",
499 "DONTREAUTH",
500 "BEET",
501 "MOBIKE",
502 "ECDSA",
503 "PROXY",
504 NULL
505 };
506
507 const char *const policy_shunt_names[4] = {
508 "TRAP",
509 "PASS",
510 "DROP",
511 "REJECT",
512 };
513
514 const char *const policy_fail_names[4] = {
515 "NONE",
516 "PASS",
517 "DROP",
518 "REJECT",
519 };
520
521 /* Oakley transform attributes
522 * oakley_attr_bit_names does double duty: it is used for enum names
523 * and bit names.
524 */
525
526 const char *const oakley_attr_bit_names[] = {
527 "OAKLEY_ENCRYPTION_ALGORITHM",
528 "OAKLEY_HASH_ALGORITHM",
529 "OAKLEY_AUTHENTICATION_METHOD",
530 "OAKLEY_GROUP_DESCRIPTION",
531 "OAKLEY_GROUP_TYPE",
532 "OAKLEY_GROUP_PRIME",
533 "OAKLEY_GROUP_GENERATOR_ONE",
534 "OAKLEY_GROUP_GENERATOR_TWO",
535 "OAKLEY_GROUP_CURVE_A",
536 "OAKLEY_GROUP_CURVE_B",
537 "OAKLEY_LIFE_TYPE",
538 "OAKLEY_LIFE_DURATION",
539 "OAKLEY_PRF",
540 "OAKLEY_KEY_LENGTH",
541 "OAKLEY_FIELD_SIZE",
542 "OAKLEY_GROUP_ORDER",
543 "OAKLEY_BLOCK_SIZE",
544 NULL
545 };
546
547 static const char *const oakley_var_attr_name[] = {
548 "OAKLEY_GROUP_PRIME (variable length)",
549 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
550 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
551 "OAKLEY_GROUP_CURVE_A (variable length)",
552 "OAKLEY_GROUP_CURVE_B (variable length)",
553 NULL,
554 "OAKLEY_LIFE_DURATION (variable length)",
555 NULL,
556 NULL,
557 NULL,
558 "OAKLEY_GROUP_ORDER (variable length)",
559 };
560
561 static enum_names oakley_attr_desc_tv = {
562 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
563 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
564
565 enum_names oakley_attr_names = {
566 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
567 oakley_var_attr_name, &oakley_attr_desc_tv };
568
569 /* for each Oakley attribute, which enum_names describes its values? */
570 enum_names *oakley_attr_val_descs[] = {
571 NULL, /* (none) */
572 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
573 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
574 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
575 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
576 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
577 NULL, /* OAKLEY_GROUP_PRIME */
578 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
579 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
580 NULL, /* OAKLEY_GROUP_CURVE_A */
581 NULL, /* OAKLEY_GROUP_CURVE_B */
582 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
583 NULL, /* OAKLEY_LIFE_DURATION */
584 &oakley_prf_names, /* OAKLEY_PRF */
585 NULL, /* OAKLEY_KEY_LENGTH */
586 NULL, /* OAKLEY_FIELD_SIZE */
587 NULL, /* OAKLEY_GROUP_ORDER */
588 };
589
590 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
591
592 static const char *const ipsec_attr_name[] = {
593 "SA_LIFE_TYPE",
594 "SA_LIFE_DURATION",
595 "GROUP_DESCRIPTION",
596 "ENCAPSULATION_MODE",
597 "AUTH_ALGORITHM",
598 "KEY_LENGTH",
599 "KEY_ROUNDS",
600 "COMPRESS_DICT_SIZE",
601 "COMPRESS_PRIVATE_ALG",
602 };
603
604 static const char *const ipsec_var_attr_name[] = {
605 "SA_LIFE_DURATION (variable length)",
606 NULL,
607 NULL,
608 NULL,
609 NULL,
610 NULL,
611 NULL,
612 "COMPRESS_PRIVATE_ALG (variable length)",
613 };
614
615 static enum_names ipsec_attr_desc_tv = {
616 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
617 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
618 ipsec_attr_name, NULL };
619
620 enum_names ipsec_attr_names = {
621 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
622 ipsec_var_attr_name, &ipsec_attr_desc_tv };
623
624 /* for each IPsec attribute, which enum_names describes its values? */
625 enum_names *ipsec_attr_val_descs[] = {
626 NULL, /* (none) */
627 &sa_lifetime_names, /* SA_LIFE_TYPE */
628 NULL, /* SA_LIFE_DURATION */
629 &oakley_group_names, /* GROUP_DESCRIPTION */
630 &enc_mode_names, /* ENCAPSULATION_MODE */
631 &auth_alg_names, /* AUTH_ALGORITHM */
632 NULL, /* KEY_LENGTH */
633 NULL, /* KEY_ROUNDS */
634 NULL, /* COMPRESS_DICT_SIZE */
635 NULL, /* COMPRESS_PRIVATE_ALG */
636 };
637
638 /* SA Lifetime Type attribute */
639
640 static const char *const sa_lifetime_name[] = {
641 "SA_LIFE_TYPE_SECONDS",
642 "SA_LIFE_TYPE_KBYTES",
643 };
644
645 enum_names sa_lifetime_names =
646 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
647
648 /* Encapsulation Mode attribute */
649
650 static const char *const enc_mode_name[] = {
651 "ENCAPSULATION_MODE_TUNNEL",
652 "ENCAPSULATION_MODE_TRANSPORT",
653 "ENCAPSULATION_MODE_UDP_TUNNEL",
654 "ENCAPSULATION_MODE_UDP_TRANSPORT",
655 };
656
657 static const char *const enc_udp_mode_name[] = {
658 "ENCAPSULATION_MODE_UDP_TUNNEL",
659 "ENCAPSULATION_MODE_UDP_TRANSPORT",
660 };
661
662 static enum_names enc_udp_mode_names =
663 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
664
665 enum_names enc_mode_names =
666 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
667
668 /* Auth Algorithm attribute */
669
670 static const char *const auth_alg_name[] = {
671 "AUTH_ALGORITHM_HMAC_MD5",
672 "AUTH_ALGORITHM_HMAC_SHA1",
673 "AUTH_ALGORITHM_DES_MAC",
674 "AUTH_ALGORITHM_KPDK",
675 "AUTH_ALGORITHM_HMAC_SHA2_256",
676 "AUTH_ALGORITHM_HMAC_SHA2_384",
677 "AUTH_ALGORITHM_HMAC_SHA2_512",
678 "AUTH_ALGORITHM_HMAC_RIPEMD",
679 "AUTH_ALGORITHM_AES_XCBC_MAC",
680 "AUTH_ALGORITHM_SIG_RSA"
681 };
682
683 static const char *const extended_auth_alg_name[] = {
684 "AUTH_ALGORITHM_NULL"
685 };
686
687 enum_names extended_auth_alg_names =
688 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
689
690 enum_names auth_alg_names =
691 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
692 , &extended_auth_alg_names };
693
694 /* From draft-beaulieu-ike-xauth */
695 static const char *const xauth_type_name[] = {
696 "Generic",
697 "RADIUS-CHAP",
698 "OTP",
699 "S/KEY",
700 };
701
702 enum_names xauth_type_names =
703 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
704
705 /* From draft-beaulieu-ike-xauth */
706 static const char *const xauth_attr_tv_name[] = {
707 "XAUTH_TYPE",
708 NULL,
709 NULL,
710 NULL,
711 NULL,
712 NULL,
713 NULL,
714 "XAUTH_STATUS",
715 };
716
717 enum_names xauth_attr_tv_names = {
718 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
719 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
720
721 static const char *const unity_attr_name[] = {
722 "UNITY_BANNER",
723 "UNITY_SAVE_PASSWD",
724 "UNITY_DEF_DOMAIN",
725 "UNITY_SPLITDNS_NAME",
726 "UNITY_SPLIT_INCLUDE",
727 "UNITY_NATT_PORT",
728 "UNITY_LOCAL_LAN",
729 "UNITY_PFS",
730 "UNITY_FW_TYPE",
731 "UNITY_BACKUP_SERVERS",
732 "UNITY_DDNS_HOSTNAME",
733 };
734
735 enum_names unity_attr_names =
736 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
737
738 static const char *const microsoft_attr_name[] = {
739 "INTERNAL_IP4_SERVER",
740 "INTERNAL_IP6_SERVER",
741 };
742
743 enum_names microsoft_attr_names =
744 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
745
746 static const char *const xauth_attr_name[] = {
747 "XAUTH_USER_NAME",
748 "XAUTH_USER_PASSWORD",
749 "XAUTH_PASSCODE",
750 "XAUTH_MESSAGE",
751 "XAUTH_CHALLENGE",
752 "XAUTH_DOMAIN",
753 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
754 "XAUTH_NEXT_PIN",
755 "XAUTH_ANSWER",
756 };
757
758 enum_names xauth_attr_names =
759 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
760
761 static const char *const modecfg_attr_name[] = {
762 "INTERNAL_IP4_ADDRESS",
763 "INTERNAL_IP4_NETMASK",
764 "INTERNAL_IP4_DNS",
765 "INTERNAL_IP4_NBNS",
766 "INTERNAL_ADDRESS_EXPIRY",
767 "INTERNAL_IP4_DHCP",
768 "APPLICATION_VERSION",
769 "INTERNAL_IP6_ADDRESS",
770 "INTERNAL_IP6_NETMASK",
771 "INTERNAL_IP6_DNS",
772 "INTERNAL_IP6_NBNS",
773 "INTERNAL_IP6_DHCP",
774 "INTERNAL_IP4_SUBNET",
775 "SUPPORTED_ATTRIBUTES",
776 "INTERNAL_IP6_SUBNET",
777 };
778
779 enum_names modecfg_attr_names =
780 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
781
782 /* Oakley Lifetime Type attribute */
783
784 static const char *const oakley_lifetime_name[] = {
785 "OAKLEY_LIFE_SECONDS",
786 "OAKLEY_LIFE_KILOBYTES",
787 };
788
789 enum_names oakley_lifetime_names =
790 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
791
792 /* Oakley PRF attribute (none defined) */
793
794 enum_names oakley_prf_names =
795 { 1, 0, NULL, NULL };
796
797 /* Oakley Encryption Algorithm attribute */
798
799 static const char *const oakley_enc_name[] = {
800 "OAKLEY_DES_CBC",
801 "OAKLEY_IDEA_CBC",
802 "OAKLEY_BLOWFISH_CBC",
803 "OAKLEY_RC5_R16_B64_CBC",
804 "OAKLEY_3DES_CBC",
805 "OAKLEY_CAST_CBC",
806 "OAKLEY_AES_CBC",
807 "OAKLEY_CAMELLIA_CBC"
808 };
809
810 #ifdef NO_EXTRA_IKE
811 enum_names oakley_enc_names =
812 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
813 #else
814 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
815 "OAKLEY_MARS_CBC" /* 65001 */,
816 "OAKLEY_RC6_CBC" /* 65002 */,
817 "OAKLEY_ID_65003" /* 65003 */,
818 "OAKLEY_SERPENT_CBC" /* 65004 */,
819 "OAKLEY_TWOFISH_CBC" /* 65005 */,
820 };
821
822 static const char *const oakley_enc_name_ssh[] = {
823 "OAKLEY_TWOFISH_CBC_SSH",
824 };
825
826 enum_names oakley_enc_names_ssh =
827 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
828 , NULL };
829
830 enum_names oakley_enc_names_draft_aes_cbc_02 =
831 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
832 , &oakley_enc_names_ssh };
833
834 enum_names oakley_enc_names =
835 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
836 , &oakley_enc_names_draft_aes_cbc_02 };
837 #endif
838
839 /* Oakley Hash Algorithm attribute */
840
841 static const char *const oakley_hash_name[] = {
842 "OAKLEY_MD5",
843 "OAKLEY_SHA",
844 "OAKLEY_TIGER",
845 "OAKLEY_SHA2_256",
846 "OAKLEY_SHA2_384",
847 "OAKLEY_SHA2_512",
848 };
849
850 enum_names oakley_hash_names =
851 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
852
853 /* Oakley Authentication Method attribute */
854
855 static const char *const oakley_auth_name1[] = {
856 "OAKLEY_PRESHARED_KEY",
857 "OAKLEY_DSS_SIG",
858 "OAKLEY_RSA_SIG",
859 "OAKLEY_RSA_ENC",
860 "OAKLEY_RSA_ENC_REV",
861 "OAKLEY_ELGAMAL_ENC",
862 "OAKLEY_ELGAMAL_ENC_REV",
863 };
864
865 static const char *const oakley_auth_name2[] = {
866 "HybridInitRSA",
867 "HybridRespRSA",
868 "HybridInitDSS",
869 "HybridRespDSS",
870 };
871
872 static const char *const oakley_auth_name3[] = {
873 "XAUTHInitPreShared",
874 "XAUTHRespPreShared",
875 "XAUTHInitDSS",
876 "XAUTHRespDSS",
877 "XAUTHInitRSA",
878 "XAUTHRespRSA",
879 "XAUTHInitRSAEncryption",
880 "XAUTHRespRSAEncryption",
881 "XAUTHInitRSARevisedEncryption",
882 "XAUTHRespRSARevisedEncryption",
883 };
884
885 static enum_names oakley_auth_names1 =
886 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
887 , oakley_auth_name1, NULL };
888
889 static enum_names oakley_auth_names2 =
890 { HybridInitRSA, HybridRespDSS
891 , oakley_auth_name2, &oakley_auth_names1 };
892
893 enum_names oakley_auth_names =
894 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
895 , oakley_auth_name3, &oakley_auth_names2 };
896
897 /* Oakley Group Description attribute */
898
899 static const char *const oakley_group_name[] = {
900 "OAKLEY_GROUP_MODP768",
901 "OAKLEY_GROUP_MODP1024",
902 "OAKLEY_GROUP_GP155",
903 "OAKLEY_GROUP_GP185",
904 "OAKLEY_GROUP_MODP1536",
905 };
906
907 static const char *const oakley_group_name_rfc3526[] = {
908 "OAKLEY_GROUP_MODP2048",
909 "OAKLEY_GROUP_MODP3072",
910 "OAKLEY_GROUP_MODP4096",
911 "OAKLEY_GROUP_MODP6144",
912 "OAKLEY_GROUP_MODP8192"
913 };
914
915 enum_names oakley_group_names_rfc3526 =
916 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
917 oakley_group_name_rfc3526, NULL };
918
919 enum_names oakley_group_names =
920 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
921 oakley_group_name, &oakley_group_names_rfc3526 };
922
923 /* Oakley Group Type attribute */
924
925 static const char *const oakley_group_type_name[] = {
926 "OAKLEY_GROUP_TYPE_MODP",
927 "OAKLEY_GROUP_TYPE_ECP",
928 "OAKLEY_GROUP_TYPE_EC2N",
929 };
930
931 enum_names oakley_group_type_names =
932 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
933
934 /* Notify messages -- error types */
935
936 static const char *const notification_name[] = {
937 "INVALID_PAYLOAD_TYPE",
938 "DOI_NOT_SUPPORTED",
939 "SITUATION_NOT_SUPPORTED",
940 "INVALID_COOKIE",
941 "INVALID_MAJOR_VERSION",
942 "INVALID_MINOR_VERSION",
943 "INVALID_EXCHANGE_TYPE",
944 "INVALID_FLAGS",
945 "INVALID_MESSAGE_ID",
946 "INVALID_PROTOCOL_ID",
947 "INVALID_SPI",
948 "INVALID_TRANSFORM_ID",
949 "ATTRIBUTES_NOT_SUPPORTED",
950 "NO_PROPOSAL_CHOSEN",
951 "BAD_PROPOSAL_SYNTAX",
952 "PAYLOAD_MALFORMED",
953 "INVALID_KEY_INFORMATION",
954 "INVALID_ID_INFORMATION",
955 "INVALID_CERT_ENCODING",
956 "INVALID_CERTIFICATE",
957 "CERT_TYPE_UNSUPPORTED",
958 "INVALID_CERT_AUTHORITY",
959 "INVALID_HASH_INFORMATION",
960 "AUTHENTICATION_FAILED",
961 "INVALID_SIGNATURE",
962 "ADDRESS_NOTIFICATION",
963 "NOTIFY_SA_LIFETIME",
964 "CERTIFICATE_UNAVAILABLE",
965 "UNSUPPORTED_EXCHANGE_TYPE",
966 "UNEQUAL_PAYLOAD_LENGTHS",
967 };
968
969 static const char *const notification_status_name[] = {
970 "CONNECTED",
971 };
972
973 static const char *const ipsec_notification_name[] = {
974 "IPSEC_RESPONDER_LIFETIME",
975 "IPSEC_REPLAY_STATUS",
976 "IPSEC_INITIAL_CONTACT",
977 };
978
979 static const char *const notification_dpd_name[] = {
980 "R_U_THERE",
981 "R_U_THERE_ACK",
982 };
983
984 enum_names notification_dpd_names =
985 { R_U_THERE, R_U_THERE_ACK,
986 notification_dpd_name, NULL };
987
988 enum_names ipsec_notification_names =
989 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
990 ipsec_notification_name, &notification_dpd_names };
991
992 enum_names notification_status_names =
993 { CONNECTED, CONNECTED,
994 notification_status_name, &ipsec_notification_names };
995
996 enum_names notification_names =
997 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
998 notification_name, &notification_status_names };
999
1000 /* MODECFG
1001 * From draft-dukes-ike-mode-cfg
1002 */
1003 const char *const attr_msg_type_name[] = {
1004 "ISAKMP_CFG_RESERVED",
1005 "ISAKMP_CFG_REQUEST",
1006 "ISAKMP_CFG_REPLY",
1007 "ISAKMP_CFG_SET",
1008 "ISAKMP_CFG_ACK",
1009 NULL
1010 };
1011
1012 enum_names attr_msg_type_names =
1013 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1014
1015 /* socket address family info */
1016
1017 static const char *const af_inet_name[] = {
1018 "AF_INET",
1019 };
1020
1021 static const char *const af_inet6_name[] = {
1022 "AF_INET6",
1023 };
1024
1025 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1026
1027 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1028
1029 static ip_address ipv4_any, ipv6_any;
1030 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1031 static ip_subnet ipv4_all, ipv6_all;
1032
1033 const struct af_info af_inet4_info = {
1034 AF_INET,
1035 "AF_INET",
1036 sizeof(struct in_addr),
1037 sizeof(struct sockaddr_in),
1038 32,
1039 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1040 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1041 };
1042
1043 const struct af_info af_inet6_info = {
1044 AF_INET6,
1045 "AF_INET6",
1046 sizeof(struct in6_addr),
1047 sizeof(struct sockaddr_in6),
1048 128,
1049 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1050 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1051 };
1052
1053 const struct af_info *
1054 aftoinfo(int af)
1055 {
1056 switch (af)
1057 {
1058 case AF_INET:
1059 return &af_inet4_info;
1060 case AF_INET6:
1061 return &af_inet6_info;
1062 default:
1063 return NULL;
1064 }
1065 }
1066
1067 bool
1068 subnetisnone(const ip_subnet *sn)
1069 {
1070 ip_address base;
1071
1072 networkof(sn, &base);
1073 return isanyaddr(&base) && subnetishost(sn);
1074 }
1075
1076 /* BIND enumerated types */
1077
1078 #include <arpa/nameser.h>
1079
1080 static const char *const rr_type_name[] = {
1081 "T_A", /* 1 host address */
1082 "T_NS", /* 2 authoritative server */
1083 "T_MD", /* 3 mail destination */
1084 "T_MF", /* 4 mail forwarder */
1085 "T_CNAME", /* 5 canonical name */
1086 "T_SOA", /* 6 start of authority zone */
1087 "T_MB", /* 7 mailbox domain name */
1088 "T_MG", /* 8 mail group member */
1089 "T_MR", /* 9 mail rename name */
1090 "T_NULL", /* 10 null resource record */
1091 "T_WKS", /* 11 well known service */
1092 "T_PTR", /* 12 domain name pointer */
1093 "T_HINFO", /* 13 host information */
1094 "T_MINFO", /* 14 mailbox information */
1095 "T_MX", /* 15 mail routing information */
1096 "T_TXT", /* 16 text strings */
1097 "T_RP", /* 17 responsible person */
1098 "T_AFSDB", /* 18 AFS cell database */
1099 "T_X25", /* 19 X_25 calling address */
1100 "T_ISDN", /* 20 ISDN calling address */
1101 "T_RT", /* 21 router */
1102 "T_NSAP", /* 22 NSAP address */
1103 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1104 "T_SIG", /* 24 security signature */
1105 "T_KEY", /* 25 security key */
1106 "T_PX", /* 26 X.400 mail mapping */
1107 "T_GPOS", /* 27 geographical position (withdrawn) */
1108 "T_AAAA", /* 28 IP6 Address */
1109 "T_LOC", /* 29 Location Information */
1110 "T_NXT", /* 30 Next Valid Name in Zone */
1111 "T_EID", /* 31 Endpoint identifier */
1112 "T_NIMLOC", /* 32 Nimrod locator */
1113 "T_SRV", /* 33 Server selection */
1114 "T_ATMA", /* 34 ATM Address */
1115 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1116 NULL
1117 };
1118
1119 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1120
1121 /* Query type values which do not appear in resource records */
1122 static const char *const rr_qtype_name[] = {
1123 "T_IXFR", /* 251 incremental zone transfer */
1124 "T_AXFR", /* 252 transfer zone of authority */
1125 "T_MAILB", /* 253 transfer mailbox records */
1126 "T_MAILA", /* 254 transfer mail agent records */
1127 "T_ANY", /* 255 wildcard match */
1128 NULL
1129 };
1130
1131 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1132
1133 static const char *const rr_class_name[] = {
1134 "C_IN", /* 1 the arpa internet */
1135 NULL
1136 };
1137
1138 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1139
1140 /*
1141 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1142 *
1143 */
1144 const char *const natt_type_bitnames[] = {
1145 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1146 "draft-ietf-ipsec-nat-t-ike-02/03",
1147 "RFC 3947",
1148 "3", /* 3 */
1149 "4", "5", "6", "7",
1150 "8", "9", "10", "11",
1151 "12", "13", "14", "15",
1152 "16", "17", "18", "19",
1153 "20", "21", "22", "23",
1154 "24", "25", "26", "27",
1155 "28", "29",
1156 "nat is behind me",
1157 "nat is behind peer"
1158 };
1159
1160 /* look up enum names in an enum_names */
1161
1162 const char *
1163 enum_name(enum_names *ed, unsigned long val)
1164 {
1165 enum_names *p;
1166
1167 for (p = ed; p != NULL; p = p->en_next_range)
1168 {
1169 if (p->en_first <= val && val <= p->en_last)
1170 return p->en_names[val - p->en_first];
1171 }
1172 return NULL;
1173 }
1174
1175 /* find or construct a string to describe an enum value
1176 * Result may be in STATIC buffer!
1177 */
1178 const char *
1179 enum_show(enum_names *ed, unsigned long val)
1180 {
1181 const char *p = enum_name(ed, val);
1182
1183 if (p == NULL)
1184 {
1185 static char buf[12]; /* only one! I hope that it is big enough */
1186
1187 snprintf(buf, sizeof(buf), "%lu??", val);
1188 p = buf;
1189 }
1190 return p;
1191 }
1192
1193
1194 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1195
1196 int
1197 enum_search(enum_names *ed, const char *str)
1198 {
1199 enum_names *p;
1200 const char *ptr;
1201 unsigned en;
1202
1203 for (p = ed; p != NULL; p = p->en_next_range)
1204 {
1205 for (en = p->en_first; en <= p->en_last ;en++)
1206 {
1207 ptr = p->en_names[en - p->en_first];
1208 if (ptr == 0)
1209 {
1210 continue;
1211 }
1212 if (streq(ptr, str))
1213 {
1214 return en;
1215 }
1216 }
1217 }
1218 return -1;
1219 }
1220
1221 /* construct a string to name the bits on in a set
1222 * Result may be in STATIC buffer!
1223 * Note: prettypolicy depends on internal details.
1224 */
1225 const char *
1226 bitnamesof(const char *const table[], lset_t val)
1227 {
1228 char *p = bitnamesbuf;
1229 lset_t bit;
1230 const char *const *tp;
1231
1232 if (val == 0)
1233 return "none";
1234
1235 for (tp = table, bit = 01; val != 0; bit <<= 1)
1236 {
1237 if (val & bit)
1238 {
1239 const char *n = *tp;
1240 size_t nl;
1241
1242 if (n == NULL || *n == '\0')
1243 {
1244 /* no name for this bit, so use hex */
1245 static char flagbuf[sizeof("0x80000000")];
1246
1247 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1248 n = flagbuf;
1249 }
1250
1251 nl = strlen(n);
1252
1253 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1254 *p++ = '+';
1255
1256 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1257 {
1258 strcpy(p, n);
1259 p += nl;
1260 }
1261 val -= bit;
1262 }
1263 if (*tp != NULL)
1264 tp++; /* move on, but not past end */
1265 }
1266 *p = '\0';
1267 return bitnamesbuf;
1268 }
1269
1270 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1271 * Suppress the shunt and fail fields if 0.
1272 */
1273 const char *
1274 prettypolicy(lset_t policy)
1275 {
1276 const char *bn = bitnamesof(sa_policy_bit_names
1277 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1278 size_t len;
1279 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1280 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1281
1282 if (bn != bitnamesbuf)
1283 bitnamesbuf[0] = '\0';
1284 len = strlen(bitnamesbuf);
1285 if (shunt != 0)
1286 {
1287 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1288 , policy_shunt_names[shunt]);
1289 len += strlen(bitnamesbuf + len);
1290 }
1291 if (fail != 0)
1292 {
1293 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1294 , policy_fail_names[fail]);
1295 len += strlen(bitnamesbuf + len);
1296 }
1297 if (NEVER_NEGOTIATE(policy))
1298 {
1299 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1300 len += strlen(bitnamesbuf + len);
1301 }
1302 return bitnamesbuf;
1303 }
1304
1305 /* test a set by seeing if all bits have names */
1306
1307 bool
1308 testset(const char *const table[], lset_t val)
1309 {
1310 lset_t bit;
1311 const char *const *tp;
1312
1313 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1314 {
1315 const char *n = *tp;
1316
1317 if (n == NULL || ((val & bit) && *n == '\0'))
1318 return FALSE;
1319 val &= ~bit;
1320 }
1321 return TRUE;
1322 }
1323
1324
1325 const char sparse_end[] = "end of sparse names";
1326
1327 /* look up enum names in a sparse_names */
1328 const char *sparse_name(sparse_names sd, unsigned long val)
1329 {
1330 const struct sparse_name *p;
1331
1332 for (p = sd; p->name != sparse_end; p++)
1333 if (p->val == val)
1334 return p->name;
1335 return NULL;
1336 }
1337
1338 /* find or construct a string to describe an sparse value
1339 * Result may be in STATIC buffer!
1340 */
1341 const char *
1342 sparse_val_show(sparse_names sd, unsigned long val)
1343 {
1344 const char *p = sparse_name(sd, val);
1345
1346 if (p == NULL)
1347 {
1348 static char buf[12]; /* only one! I hope that it is big enough */
1349
1350 snprintf(buf, sizeof(buf), "%lu??", val);
1351 p = buf;
1352 }
1353 return p;
1354 }
1355
1356 void init_constants(void)
1357 {
1358 happy(anyaddr(AF_INET, &ipv4_any));
1359 happy(anyaddr(AF_INET6, &ipv6_any));
1360
1361 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1362 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1363
1364 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1365 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1366 }
1367
1368 u_char secret_of_the_day[HASH_SIZE_SHA1];
1369
1370