d34bc56b5f09e918bb03cdfd96562715ad5753b9
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Note that the array sizes are all specified; this is to enable range
18 * checking by code that only includes constants.h.
19 */
20
21 #include <stddef.h>
22 #include <string.h>
23 #include <stdio.h>
24 #include <netinet/in.h>
25
26 #include <freeswan.h>
27 #include <ipsec_policy.h>
28
29 #include "constants.h"
30 #include "defs.h"
31 #include "log.h"
32 #include "packet.h"
33
34 /* string naming compile-time options that have interop implications */
35
36 const char compile_time_interop_options[] = ""
37 #ifdef THREADS
38 " THREADS"
39 #endif
40 #ifdef SMARTCARD
41 " SMARTCARD"
42 #endif
43 #ifdef VENDORID
44 " VENDORID"
45 #endif
46 #ifdef CISCO_QUIRKS
47 " CISCO_QUIRKS"
48 #endif
49 #ifdef USE_KEYRR
50 " KEYRR"
51 #endif
52 ;
53
54 /* version */
55
56 static const char *const version_name[] = {
57 "ISAKMP Version 1.0",
58 };
59
60 enum_names version_names =
61 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
62 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
63 version_name, NULL };
64
65 /* RFC 2459 CRL reason codes */
66
67 ENUM(crl_reason_names, REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL,
68 "unspecified",
69 "key compromise",
70 "ca compromise",
71 "affiliation changed",
72 "superseded",
73 "cessation of operation",
74 "certificate hold",
75 "reason #7",
76 "remove from crl"
77 );
78
79 /* RFC 3706 Dead Peer Detection */
80
81 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
82 "none",
83 "clear",
84 "hold",
85 "restart"
86 );
87
88 /* Timer events */
89
90 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
91 "EVENT_NULL",
92 "EVENT_REINIT_SECRET",
93 "EVENT_SHUNT_SCAN",
94 "EVENT_SO_DISCARD",
95 "EVENT_RETRANSMIT",
96 "EVENT_SA_REPLACE",
97 "EVENT_SA_REPLACE_IF_USED",
98 "EVENT_SA_EXPIRE",
99 "EVENT_NAT_T_KEEPALIVE",
100 "EVENT_DPD",
101 "EVENT_DPD_TIMEOUT",
102 "EVENT_LOG_DAILY"
103 );
104
105 /* Domain of Interpretation */
106
107 static const char *const doi_name[] = {
108 "ISAKMP_DOI_ISAKMP",
109 "ISAKMP_DOI_IPSEC",
110 };
111
112 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
113
114 /* debugging settings: a set of selections for reporting
115 * These would be more naturally situated in log.h,
116 * but they are shared with whack.
117 * It turns out that "debug-" is clutter in all contexts this is used,
118 * so we leave it off.
119 */
120 #ifdef DEBUG
121 const char *const debug_bit_names[] = {
122 "raw",
123 "crypt",
124 "parsing",
125 "emitting",
126 "control",
127 "lifecycle",
128 "klips",
129 "dns",
130 "natt",
131 "oppo",
132 "controlmore",
133
134 "private",
135
136 "impair-delay-adns-key-answer",
137 "impair-delay-adns-txt-answer",
138 "impair-bust-mi2",
139 "impair-bust-mr2",
140
141 NULL
142 };
143 #endif
144
145 /* State of exchanges */
146
147 static const char *const state_name[] = {
148 "STATE_MAIN_R0",
149 "STATE_MAIN_I1",
150 "STATE_MAIN_R1",
151 "STATE_MAIN_I2",
152 "STATE_MAIN_R2",
153 "STATE_MAIN_I3",
154 "STATE_MAIN_R3",
155 "STATE_MAIN_I4",
156
157 "STATE_QUICK_R0",
158 "STATE_QUICK_I1",
159 "STATE_QUICK_R1",
160 "STATE_QUICK_I2",
161 "STATE_QUICK_R2",
162
163 "STATE_INFO",
164 "STATE_INFO_PROTECTED",
165
166 "STATE_XAUTH_I0",
167 "STATE_XAUTH_R1",
168 "STATE_XAUTH_I1",
169 "STATE_XAUTH_R2",
170 "STATE_XAUTH_I2",
171 "STATE_XAUTH_R3",
172
173 "STATE_MODE_CFG_R0",
174 "STATE_MODE_CFG_I1",
175 "STATE_MODE_CFG_R1",
176 "STATE_MODE_CFG_I2",
177
178 "STATE_MODE_CFG_I0",
179 "STATE_MODE_CFG_R3",
180 "STATE_MODE_CFG_I3",
181 "STATE_MODE_CFG_R4",
182
183 "STATE_IKE_ROOF"
184 };
185
186 enum_names state_names =
187 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
188
189 /* story for state */
190
191 const char *const state_story[] = {
192 "expecting MI1", /* STATE_MAIN_R0 */
193 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
194 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
195 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
196 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
197 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
198 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
199 "ISAKMP SA established", /* STATE_MAIN_I4 */
200
201 "expecting QI1", /* STATE_QUICK_R0 */
202 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
203 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
204 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
205 "IPsec SA established", /* STATE_QUICK_R2 */
206
207 "got Informational Message in clear", /* STATE_INFO */
208 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
209
210 "expecting XAUTH request", /* STATE_XAUTH_I0 */
211 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
212 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
213 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
214 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
215 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
216
217 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
218 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
219 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
220 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
221
222 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
223 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
224 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
225 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
226 };
227
228 /* kind of struct connection */
229
230 static const char *const connection_kind_name[] = {
231 "CK_GROUP", /* policy group: instantiates to template */
232 "CK_TEMPLATE", /* abstract connection, with wildcard */
233 "CK_PERMANENT", /* normal connection */
234 "CK_INSTANCE", /* instance of template, created for a particular attempt */
235 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
236 };
237
238 enum_names connection_kind_names =
239 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
240
241 /* routing status names */
242
243 static const char *const routing_story_strings[] = {
244 "unrouted", /* RT_UNROUTED: unrouted */
245 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
246 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
247 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
248 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
249 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
250 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
251 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
252 };
253
254 enum_names routing_story =
255 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
256
257 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
258
259 const char *const payload_name[] = {
260 "ISAKMP_NEXT_NONE",
261 "ISAKMP_NEXT_SA",
262 "ISAKMP_NEXT_P",
263 "ISAKMP_NEXT_T",
264 "ISAKMP_NEXT_KE",
265 "ISAKMP_NEXT_ID",
266 "ISAKMP_NEXT_CERT",
267 "ISAKMP_NEXT_CR",
268 "ISAKMP_NEXT_HASH",
269 "ISAKMP_NEXT_SIG",
270 "ISAKMP_NEXT_NONCE",
271 "ISAKMP_NEXT_N",
272 "ISAKMP_NEXT_D",
273 "ISAKMP_NEXT_VID",
274 "ISAKMP_NEXT_MODECFG",
275 "ISAKMP_NEXT_15",
276 "ISAKMP_NEXT_16",
277 "ISAKMP_NEXT_17",
278 "ISAKMP_NEXT_18",
279 "ISAKMP_NEXT_19",
280 "ISAKMP_NEXT_NAT-D",
281 "ISAKMP_NEXT_NAT-OA",
282 NULL
283 };
284
285 const char *const payload_name_nat_d[] = {
286 "ISAKMP_NEXT_NAT-D",
287 "ISAKMP_NEXT_NAT-OA", NULL
288 };
289
290 static enum_names payload_names_nat_d =
291 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
292
293 enum_names payload_names =
294 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
295
296 /* Exchange types (note: two discontinuous ranges) */
297
298 static const char *const exchange_name[] = {
299 "ISAKMP_XCHG_NONE",
300 "ISAKMP_XCHG_BASE",
301 "ISAKMP_XCHG_IDPROT",
302 "ISAKMP_XCHG_AO",
303 "ISAKMP_XCHG_AGGR",
304 "ISAKMP_XCHG_INFO",
305 "ISAKMP_XCHG_MODE_CFG",
306 };
307
308 static const char *const exchange_name2[] = {
309 "ISAKMP_XCHG_QUICK",
310 "ISAKMP_XCHG_NGRP",
311 "ISAKMP_XCHG_ACK_INFO",
312 };
313
314 static enum_names exchange_desc2 =
315 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
316
317 enum_names exchange_names =
318 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
319
320 /* Flag BITS */
321 const char *const flag_bit_names[] = {
322 "ISAKMP_FLAG_ENCRYPTION",
323 "ISAKMP_FLAG_COMMIT",
324 NULL
325 };
326
327 /* Situation BITS definition for IPsec DOI */
328
329 const char *const sit_bit_names[] = {
330 "SIT_IDENTITY_ONLY",
331 "SIT_SECRECY",
332 "SIT_INTEGRITY",
333 NULL
334 };
335
336 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
337
338 static const char *const protocol_name[] = {
339 "PROTO_ISAKMP",
340 "PROTO_IPSEC_AH",
341 "PROTO_IPSEC_ESP",
342 "PROTO_IPCOMP",
343 };
344
345 enum_names protocol_names =
346 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
347
348 /* IPsec ISAKMP transform values */
349
350 static const char *const isakmp_transform_name[] = {
351 "KEY_IKE",
352 };
353
354 enum_names isakmp_transformid_names =
355 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
356
357 /* IPsec AH transform values */
358
359 static const char *const ah_transform_name[] = {
360 "HMAC_MD5",
361 "HMAC_SHA1",
362 "DES_MAC",
363 "HMAC_SHA2_256",
364 "HMAC_SHA2_384",
365 "HMAC_SHA2_512",
366 "HMAC_RIPEMD",
367 "AES_XCBC_96",
368 "SIG_RSA"
369 };
370
371 enum_names ah_transformid_names =
372 { AH_MD5, AH_RSA, ah_transform_name, NULL };
373
374 /* IPsec ESP transform values */
375
376 static const char *const esp_transform_name[] = {
377 "DES_IV64",
378 "DES_CBC",
379 "3DES_CBC",
380 "RC5_CBC",
381 "IDEA_CBC",
382 "CAST_CBC",
383 "BLOWFISH_CBC",
384 "3IDEA",
385 "DES_IV32",
386 "RC4",
387 "NULL",
388 "AES_CBC",
389 "AES_CTR",
390 "AES_CCM_8",
391 "AES_CCM_12",
392 "AES_CCM_16",
393 "UNASSIGNED_17",
394 "AES_GCM_8",
395 "AES_GCM_12",
396 "AES_GCM_16",
397 "SEED_CBC",
398 "CAMELLIA_CBC"
399 };
400
401 static const char *const esp_transform_name_high[] = {
402 "SERPENT_CBC",
403 "TWOFISH_CBC"
404 };
405
406 enum_names esp_transformid_names_high =
407 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
408
409 enum_names esp_transformid_names =
410 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
411
412 /* IPCOMP transform values */
413
414 static const char *const ipcomp_transform_name[] = {
415 "IPCOMP_OUI",
416 "IPCOMP_DEFLAT",
417 "IPCOMP_LZS",
418 "IPCOMP_LZJH",
419 };
420
421 enum_names ipcomp_transformid_names =
422 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
423
424 /* Identification type values */
425
426 static const char *const ident_name[] = {
427 "ID_IPV4_ADDR",
428 "ID_FQDN",
429 "ID_USER_FQDN",
430 "ID_IPV4_ADDR_SUBNET",
431 "ID_IPV6_ADDR",
432 "ID_IPV6_ADDR_SUBNET",
433 "ID_IPV4_ADDR_RANGE",
434 "ID_IPV6_ADDR_RANGE",
435 "ID_DER_ASN1_DN",
436 "ID_DER_ASN1_GN",
437 "ID_KEY_ID",
438 };
439
440 enum_names ident_names =
441 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
442
443 /* Certificate type values */
444
445 static const char *const cert_type_name[] = {
446 "CERT_NONE",
447 "CERT_PKCS7_WRAPPED_X509",
448 "CERT_PGP",
449 "CERT_DNS_SIGNED_KEY",
450 "CERT_X509_SIGNATURE",
451 "CERT_X509_KEY_EXCHANGE",
452 "CERT_KERBEROS_TOKENS",
453 "CERT_CRL",
454 "CERT_ARL",
455 "CERT_SPKI",
456 "CERT_X509_ATTRIBUTE",
457 };
458
459 enum_names cert_type_names =
460 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
461
462 /* Certificate policy names */
463
464 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
465 "ALWAYS_SEND",
466 "SEND_IF_ASKED",
467 "NEVER_SEND",
468 );
469
470 /* Goal BITs for establishing an SA
471 * Note: we drop the POLICY_ prefix so that logs are more concise.
472 */
473
474 const char *const sa_policy_bit_names[] = {
475 "PSK",
476 "RSASIG",
477 "ENCRYPT",
478 "AUTHENTICATE",
479 "COMPRESS",
480 "TUNNEL",
481 "PFS",
482 "DISABLEARRIVALCHECK",
483 "SHUNT0",
484 "SHUNT1",
485 "FAILSHUNT0",
486 "FAILSHUNT1",
487 "DONTREKEY",
488 "OPPORTUNISTIC",
489 "GROUP",
490 "GROUTED",
491 "UP",
492 "MODECFGPUSH",
493 "XAUTHPSK",
494 "XAUTHRSASIG",
495 "XAUTHSERVER",
496 "DONTREAUTH",
497 "BEET",
498 "MOBIKE",
499 "ECDSA",
500 "PROXY",
501 NULL
502 };
503
504 const char *const policy_shunt_names[4] = {
505 "TRAP",
506 "PASS",
507 "DROP",
508 "REJECT",
509 };
510
511 const char *const policy_fail_names[4] = {
512 "NONE",
513 "PASS",
514 "DROP",
515 "REJECT",
516 };
517
518 /* Oakley transform attributes
519 * oakley_attr_bit_names does double duty: it is used for enum names
520 * and bit names.
521 */
522
523 const char *const oakley_attr_bit_names[] = {
524 "OAKLEY_ENCRYPTION_ALGORITHM",
525 "OAKLEY_HASH_ALGORITHM",
526 "OAKLEY_AUTHENTICATION_METHOD",
527 "OAKLEY_GROUP_DESCRIPTION",
528 "OAKLEY_GROUP_TYPE",
529 "OAKLEY_GROUP_PRIME",
530 "OAKLEY_GROUP_GENERATOR_ONE",
531 "OAKLEY_GROUP_GENERATOR_TWO",
532 "OAKLEY_GROUP_CURVE_A",
533 "OAKLEY_GROUP_CURVE_B",
534 "OAKLEY_LIFE_TYPE",
535 "OAKLEY_LIFE_DURATION",
536 "OAKLEY_PRF",
537 "OAKLEY_KEY_LENGTH",
538 "OAKLEY_FIELD_SIZE",
539 "OAKLEY_GROUP_ORDER",
540 "OAKLEY_BLOCK_SIZE",
541 NULL
542 };
543
544 static const char *const oakley_var_attr_name[] = {
545 "OAKLEY_GROUP_PRIME (variable length)",
546 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
547 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
548 "OAKLEY_GROUP_CURVE_A (variable length)",
549 "OAKLEY_GROUP_CURVE_B (variable length)",
550 NULL,
551 "OAKLEY_LIFE_DURATION (variable length)",
552 NULL,
553 NULL,
554 NULL,
555 "OAKLEY_GROUP_ORDER (variable length)",
556 };
557
558 static enum_names oakley_attr_desc_tv = {
559 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
560 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
561
562 enum_names oakley_attr_names = {
563 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
564 oakley_var_attr_name, &oakley_attr_desc_tv };
565
566 /* for each Oakley attribute, which enum_names describes its values? */
567 enum_names *oakley_attr_val_descs[] = {
568 NULL, /* (none) */
569 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
570 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
571 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
572 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
573 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
574 NULL, /* OAKLEY_GROUP_PRIME */
575 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
576 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
577 NULL, /* OAKLEY_GROUP_CURVE_A */
578 NULL, /* OAKLEY_GROUP_CURVE_B */
579 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
580 NULL, /* OAKLEY_LIFE_DURATION */
581 &oakley_prf_names, /* OAKLEY_PRF */
582 NULL, /* OAKLEY_KEY_LENGTH */
583 NULL, /* OAKLEY_FIELD_SIZE */
584 NULL, /* OAKLEY_GROUP_ORDER */
585 };
586
587 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
588
589 static const char *const ipsec_attr_name[] = {
590 "SA_LIFE_TYPE",
591 "SA_LIFE_DURATION",
592 "GROUP_DESCRIPTION",
593 "ENCAPSULATION_MODE",
594 "AUTH_ALGORITHM",
595 "KEY_LENGTH",
596 "KEY_ROUNDS",
597 "COMPRESS_DICT_SIZE",
598 "COMPRESS_PRIVATE_ALG",
599 };
600
601 static const char *const ipsec_var_attr_name[] = {
602 "SA_LIFE_DURATION (variable length)",
603 NULL,
604 NULL,
605 NULL,
606 NULL,
607 NULL,
608 NULL,
609 "COMPRESS_PRIVATE_ALG (variable length)",
610 };
611
612 static enum_names ipsec_attr_desc_tv = {
613 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
614 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
615 ipsec_attr_name, NULL };
616
617 enum_names ipsec_attr_names = {
618 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
619 ipsec_var_attr_name, &ipsec_attr_desc_tv };
620
621 /* for each IPsec attribute, which enum_names describes its values? */
622 enum_names *ipsec_attr_val_descs[] = {
623 NULL, /* (none) */
624 &sa_lifetime_names, /* SA_LIFE_TYPE */
625 NULL, /* SA_LIFE_DURATION */
626 &oakley_group_names, /* GROUP_DESCRIPTION */
627 &enc_mode_names, /* ENCAPSULATION_MODE */
628 &auth_alg_names, /* AUTH_ALGORITHM */
629 NULL, /* KEY_LENGTH */
630 NULL, /* KEY_ROUNDS */
631 NULL, /* COMPRESS_DICT_SIZE */
632 NULL, /* COMPRESS_PRIVATE_ALG */
633 };
634
635 /* SA Lifetime Type attribute */
636
637 static const char *const sa_lifetime_name[] = {
638 "SA_LIFE_TYPE_SECONDS",
639 "SA_LIFE_TYPE_KBYTES",
640 };
641
642 enum_names sa_lifetime_names =
643 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
644
645 /* Encapsulation Mode attribute */
646
647 static const char *const enc_mode_name[] = {
648 "ENCAPSULATION_MODE_TUNNEL",
649 "ENCAPSULATION_MODE_TRANSPORT",
650 "ENCAPSULATION_MODE_UDP_TUNNEL",
651 "ENCAPSULATION_MODE_UDP_TRANSPORT",
652 };
653
654 static const char *const enc_udp_mode_name[] = {
655 "ENCAPSULATION_MODE_UDP_TUNNEL",
656 "ENCAPSULATION_MODE_UDP_TRANSPORT",
657 };
658
659 static enum_names enc_udp_mode_names =
660 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
661
662 enum_names enc_mode_names =
663 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
664
665 /* Auth Algorithm attribute */
666
667 static const char *const auth_alg_name[] = {
668 "HMAC_MD5",
669 "HMAC_SHA1",
670 "DES_MAC",
671 "KPDK",
672 "HMAC_SHA2_256",
673 "HMAC_SHA2_384",
674 "HMAC_SHA2_512",
675 "HMAC_RIPEMD",
676 "AES_XCBC_96",
677 "SIG_RSA"
678 };
679
680 static const char *const extended_auth_alg_name[] = {
681 "NULL"
682 };
683
684 enum_names extended_auth_alg_names =
685 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
686
687 enum_names auth_alg_names =
688 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
689 , &extended_auth_alg_names };
690
691 /* From draft-beaulieu-ike-xauth */
692 static const char *const xauth_type_name[] = {
693 "Generic",
694 "RADIUS-CHAP",
695 "OTP",
696 "S/KEY",
697 };
698
699 enum_names xauth_type_names =
700 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
701
702 /* From draft-beaulieu-ike-xauth */
703 static const char *const xauth_attr_tv_name[] = {
704 "XAUTH_TYPE",
705 NULL,
706 NULL,
707 NULL,
708 NULL,
709 NULL,
710 NULL,
711 "XAUTH_STATUS",
712 };
713
714 enum_names xauth_attr_tv_names = {
715 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
716 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
717
718 static const char *const unity_attr_name[] = {
719 "UNITY_BANNER",
720 "UNITY_SAVE_PASSWD",
721 "UNITY_DEF_DOMAIN",
722 "UNITY_SPLITDNS_NAME",
723 "UNITY_SPLIT_INCLUDE",
724 "UNITY_NATT_PORT",
725 "UNITY_LOCAL_LAN",
726 "UNITY_PFS",
727 "UNITY_FW_TYPE",
728 "UNITY_BACKUP_SERVERS",
729 "UNITY_DDNS_HOSTNAME",
730 };
731
732 enum_names unity_attr_names =
733 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
734
735 static const char *const microsoft_attr_name[] = {
736 "INTERNAL_IP4_SERVER",
737 "INTERNAL_IP6_SERVER",
738 };
739
740 enum_names microsoft_attr_names =
741 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
742
743 static const char *const xauth_attr_name[] = {
744 "XAUTH_USER_NAME",
745 "XAUTH_USER_PASSWORD",
746 "XAUTH_PASSCODE",
747 "XAUTH_MESSAGE",
748 "XAUTH_CHALLENGE",
749 "XAUTH_DOMAIN",
750 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
751 "XAUTH_NEXT_PIN",
752 "XAUTH_ANSWER",
753 };
754
755 enum_names xauth_attr_names =
756 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
757
758 static const char *const modecfg_attr_name[] = {
759 "INTERNAL_IP4_ADDRESS",
760 "INTERNAL_IP4_NETMASK",
761 "INTERNAL_IP4_DNS",
762 "INTERNAL_IP4_NBNS",
763 "INTERNAL_ADDRESS_EXPIRY",
764 "INTERNAL_IP4_DHCP",
765 "APPLICATION_VERSION",
766 "INTERNAL_IP6_ADDRESS",
767 "INTERNAL_IP6_NETMASK",
768 "INTERNAL_IP6_DNS",
769 "INTERNAL_IP6_NBNS",
770 "INTERNAL_IP6_DHCP",
771 "INTERNAL_IP4_SUBNET",
772 "SUPPORTED_ATTRIBUTES",
773 "INTERNAL_IP6_SUBNET",
774 };
775
776 enum_names modecfg_attr_names =
777 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
778
779 /* Oakley Lifetime Type attribute */
780
781 static const char *const oakley_lifetime_name[] = {
782 "OAKLEY_LIFE_SECONDS",
783 "OAKLEY_LIFE_KILOBYTES",
784 };
785
786 enum_names oakley_lifetime_names =
787 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
788
789 /* Oakley PRF attribute (none defined) */
790
791 enum_names oakley_prf_names =
792 { 1, 0, NULL, NULL };
793
794 /* Oakley Encryption Algorithm attribute */
795
796 static const char *const oakley_enc_name[] = {
797 "DES_CBC",
798 "IDEA_CBC",
799 "BLOWFISH_CBC",
800 "RC5_R16_B64_CBC",
801 "3DES_CBC",
802 "CAST_CBC",
803 "AES_CBC",
804 "CAMELLIA_CBC"
805 };
806
807 #ifdef NO_EXTRA_IKE
808 enum_names oakley_enc_names =
809 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
810 #else
811 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
812 "MARS_CBC" /* 65001 */,
813 "RC6_CBC" /* 65002 */,
814 "ID_65003" /* 65003 */,
815 "SERPENT_CBC" /* 65004 */,
816 "TWOFISH_CBC" /* 65005 */,
817 };
818
819 static const char *const oakley_enc_name_ssh[] = {
820 "TWOFISH_CBC_SSH",
821 };
822
823 enum_names oakley_enc_names_ssh =
824 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
825 , NULL };
826
827 enum_names oakley_enc_names_draft_aes_cbc_02 =
828 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
829 , &oakley_enc_names_ssh };
830
831 enum_names oakley_enc_names =
832 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
833 , &oakley_enc_names_draft_aes_cbc_02 };
834 #endif
835
836 /* Oakley Hash Algorithm attribute */
837
838 static const char *const oakley_hash_name[] = {
839 "HMAC_MD5",
840 "HMAC_SHA1",
841 "HMAC_TIGER",
842 "HMAC_SHA2_256",
843 "HMAC_SHA2_384",
844 "HMAC_SHA2_512",
845 };
846
847 enum_names oakley_hash_names =
848 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
849
850 /* Oakley Authentication Method attribute */
851
852 static const char *const oakley_auth_name1[] = {
853 "OAKLEY_PRESHARED_KEY",
854 "OAKLEY_DSS_SIG",
855 "OAKLEY_RSA_SIG",
856 "OAKLEY_RSA_ENC",
857 "OAKLEY_RSA_ENC_REV",
858 "OAKLEY_ELGAMAL_ENC",
859 "OAKLEY_ELGAMAL_ENC_REV",
860 };
861
862 static const char *const oakley_auth_name2[] = {
863 "HybridInitRSA",
864 "HybridRespRSA",
865 "HybridInitDSS",
866 "HybridRespDSS",
867 };
868
869 static const char *const oakley_auth_name3[] = {
870 "XAUTHInitPreShared",
871 "XAUTHRespPreShared",
872 "XAUTHInitDSS",
873 "XAUTHRespDSS",
874 "XAUTHInitRSA",
875 "XAUTHRespRSA",
876 "XAUTHInitRSAEncryption",
877 "XAUTHRespRSAEncryption",
878 "XAUTHInitRSARevisedEncryption",
879 "XAUTHRespRSARevisedEncryption",
880 };
881
882 static enum_names oakley_auth_names1 =
883 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
884 , oakley_auth_name1, NULL };
885
886 static enum_names oakley_auth_names2 =
887 { HybridInitRSA, HybridRespDSS
888 , oakley_auth_name2, &oakley_auth_names1 };
889
890 enum_names oakley_auth_names =
891 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
892 , oakley_auth_name3, &oakley_auth_names2 };
893
894 /* Oakley Group Description attribute */
895
896 static const char *const oakley_group_name[] = {
897 "MODP_768",
898 "MODP_1024",
899 "GP_155",
900 "GP_185",
901 "MODP_1536",
902 };
903
904 static const char *const oakley_group_name_rfc3526[] = {
905 "MODP_2048",
906 "MODP_3072",
907 "MODP_4096",
908 "MODP_6144",
909 "MODP_8192"
910 };
911
912 enum_names oakley_group_names_rfc3526 =
913 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
914 oakley_group_name_rfc3526, NULL };
915
916 enum_names oakley_group_names =
917 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
918 oakley_group_name, &oakley_group_names_rfc3526 };
919
920 /* Oakley Group Type attribute */
921
922 static const char *const oakley_group_type_name[] = {
923 "OAKLEY_GROUP_TYPE_MODP",
924 "OAKLEY_GROUP_TYPE_ECP",
925 "OAKLEY_GROUP_TYPE_EC2N",
926 };
927
928 enum_names oakley_group_type_names =
929 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
930
931 /* Notify messages -- error types */
932
933 static const char *const notification_name[] = {
934 "INVALID_PAYLOAD_TYPE",
935 "DOI_NOT_SUPPORTED",
936 "SITUATION_NOT_SUPPORTED",
937 "INVALID_COOKIE",
938 "INVALID_MAJOR_VERSION",
939 "INVALID_MINOR_VERSION",
940 "INVALID_EXCHANGE_TYPE",
941 "INVALID_FLAGS",
942 "INVALID_MESSAGE_ID",
943 "INVALID_PROTOCOL_ID",
944 "INVALID_SPI",
945 "INVALID_TRANSFORM_ID",
946 "ATTRIBUTES_NOT_SUPPORTED",
947 "NO_PROPOSAL_CHOSEN",
948 "BAD_PROPOSAL_SYNTAX",
949 "PAYLOAD_MALFORMED",
950 "INVALID_KEY_INFORMATION",
951 "INVALID_ID_INFORMATION",
952 "INVALID_CERT_ENCODING",
953 "INVALID_CERTIFICATE",
954 "CERT_TYPE_UNSUPPORTED",
955 "INVALID_CERT_AUTHORITY",
956 "INVALID_HASH_INFORMATION",
957 "AUTHENTICATION_FAILED",
958 "INVALID_SIGNATURE",
959 "ADDRESS_NOTIFICATION",
960 "NOTIFY_SA_LIFETIME",
961 "CERTIFICATE_UNAVAILABLE",
962 "UNSUPPORTED_EXCHANGE_TYPE",
963 "UNEQUAL_PAYLOAD_LENGTHS",
964 };
965
966 static const char *const notification_status_name[] = {
967 "CONNECTED",
968 };
969
970 static const char *const ipsec_notification_name[] = {
971 "IPSEC_RESPONDER_LIFETIME",
972 "IPSEC_REPLAY_STATUS",
973 "IPSEC_INITIAL_CONTACT",
974 };
975
976 static const char *const notification_dpd_name[] = {
977 "R_U_THERE",
978 "R_U_THERE_ACK",
979 };
980
981 enum_names notification_dpd_names =
982 { R_U_THERE, R_U_THERE_ACK,
983 notification_dpd_name, NULL };
984
985 enum_names ipsec_notification_names =
986 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
987 ipsec_notification_name, &notification_dpd_names };
988
989 enum_names notification_status_names =
990 { CONNECTED, CONNECTED,
991 notification_status_name, &ipsec_notification_names };
992
993 enum_names notification_names =
994 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
995 notification_name, &notification_status_names };
996
997 /* MODECFG
998 * From draft-dukes-ike-mode-cfg
999 */
1000 const char *const attr_msg_type_name[] = {
1001 "ISAKMP_CFG_RESERVED",
1002 "ISAKMP_CFG_REQUEST",
1003 "ISAKMP_CFG_REPLY",
1004 "ISAKMP_CFG_SET",
1005 "ISAKMP_CFG_ACK",
1006 NULL
1007 };
1008
1009 enum_names attr_msg_type_names =
1010 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1011
1012 /* socket address family info */
1013
1014 static const char *const af_inet_name[] = {
1015 "AF_INET",
1016 };
1017
1018 static const char *const af_inet6_name[] = {
1019 "AF_INET6",
1020 };
1021
1022 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1023
1024 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1025
1026 static ip_address ipv4_any, ipv6_any;
1027 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1028 static ip_subnet ipv4_all, ipv6_all;
1029
1030 const struct af_info af_inet4_info = {
1031 AF_INET,
1032 "AF_INET",
1033 sizeof(struct in_addr),
1034 sizeof(struct sockaddr_in),
1035 32,
1036 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1037 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1038 };
1039
1040 const struct af_info af_inet6_info = {
1041 AF_INET6,
1042 "AF_INET6",
1043 sizeof(struct in6_addr),
1044 sizeof(struct sockaddr_in6),
1045 128,
1046 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1047 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1048 };
1049
1050 const struct af_info *
1051 aftoinfo(int af)
1052 {
1053 switch (af)
1054 {
1055 case AF_INET:
1056 return &af_inet4_info;
1057 case AF_INET6:
1058 return &af_inet6_info;
1059 default:
1060 return NULL;
1061 }
1062 }
1063
1064 bool
1065 subnetisnone(const ip_subnet *sn)
1066 {
1067 ip_address base;
1068
1069 networkof(sn, &base);
1070 return isanyaddr(&base) && subnetishost(sn);
1071 }
1072
1073 /* BIND enumerated types */
1074
1075 #include <arpa/nameser.h>
1076
1077 static const char *const rr_type_name[] = {
1078 "T_A", /* 1 host address */
1079 "T_NS", /* 2 authoritative server */
1080 "T_MD", /* 3 mail destination */
1081 "T_MF", /* 4 mail forwarder */
1082 "T_CNAME", /* 5 canonical name */
1083 "T_SOA", /* 6 start of authority zone */
1084 "T_MB", /* 7 mailbox domain name */
1085 "T_MG", /* 8 mail group member */
1086 "T_MR", /* 9 mail rename name */
1087 "T_NULL", /* 10 null resource record */
1088 "T_WKS", /* 11 well known service */
1089 "T_PTR", /* 12 domain name pointer */
1090 "T_HINFO", /* 13 host information */
1091 "T_MINFO", /* 14 mailbox information */
1092 "T_MX", /* 15 mail routing information */
1093 "T_TXT", /* 16 text strings */
1094 "T_RP", /* 17 responsible person */
1095 "T_AFSDB", /* 18 AFS cell database */
1096 "T_X25", /* 19 X_25 calling address */
1097 "T_ISDN", /* 20 ISDN calling address */
1098 "T_RT", /* 21 router */
1099 "T_NSAP", /* 22 NSAP address */
1100 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1101 "T_SIG", /* 24 security signature */
1102 "T_KEY", /* 25 security key */
1103 "T_PX", /* 26 X.400 mail mapping */
1104 "T_GPOS", /* 27 geographical position (withdrawn) */
1105 "T_AAAA", /* 28 IP6 Address */
1106 "T_LOC", /* 29 Location Information */
1107 "T_NXT", /* 30 Next Valid Name in Zone */
1108 "T_EID", /* 31 Endpoint identifier */
1109 "T_NIMLOC", /* 32 Nimrod locator */
1110 "T_SRV", /* 33 Server selection */
1111 "T_ATMA", /* 34 ATM Address */
1112 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1113 NULL
1114 };
1115
1116 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1117
1118 /* Query type values which do not appear in resource records */
1119 static const char *const rr_qtype_name[] = {
1120 "T_IXFR", /* 251 incremental zone transfer */
1121 "T_AXFR", /* 252 transfer zone of authority */
1122 "T_MAILB", /* 253 transfer mailbox records */
1123 "T_MAILA", /* 254 transfer mail agent records */
1124 "T_ANY", /* 255 wildcard match */
1125 NULL
1126 };
1127
1128 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1129
1130 static const char *const rr_class_name[] = {
1131 "C_IN", /* 1 the arpa internet */
1132 NULL
1133 };
1134
1135 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1136
1137 /*
1138 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1139 *
1140 */
1141 const char *const natt_type_bitnames[] = {
1142 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1143 "draft-ietf-ipsec-nat-t-ike-02/03",
1144 "RFC 3947",
1145 "3", /* 3 */
1146 "4", "5", "6", "7",
1147 "8", "9", "10", "11",
1148 "12", "13", "14", "15",
1149 "16", "17", "18", "19",
1150 "20", "21", "22", "23",
1151 "24", "25", "26", "27",
1152 "28", "29",
1153 "nat is behind me",
1154 "nat is behind peer"
1155 };
1156
1157 /* look up enum names in an enum_names */
1158
1159 const char *
1160 enum_name(enum_names *ed, unsigned long val)
1161 {
1162 enum_names *p;
1163
1164 for (p = ed; p != NULL; p = p->en_next_range)
1165 {
1166 if (p->en_first <= val && val <= p->en_last)
1167 return p->en_names[val - p->en_first];
1168 }
1169 return NULL;
1170 }
1171
1172 /* find or construct a string to describe an enum value
1173 * Result may be in STATIC buffer!
1174 */
1175 const char *
1176 enum_show(enum_names *ed, unsigned long val)
1177 {
1178 const char *p = enum_name(ed, val);
1179
1180 if (p == NULL)
1181 {
1182 static char buf[12]; /* only one! I hope that it is big enough */
1183
1184 snprintf(buf, sizeof(buf), "%lu??", val);
1185 p = buf;
1186 }
1187 return p;
1188 }
1189
1190
1191 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1192
1193 int
1194 enum_search(enum_names *ed, const char *str)
1195 {
1196 enum_names *p;
1197 const char *ptr;
1198 unsigned en;
1199
1200 for (p = ed; p != NULL; p = p->en_next_range)
1201 {
1202 for (en = p->en_first; en <= p->en_last ;en++)
1203 {
1204 ptr = p->en_names[en - p->en_first];
1205 if (ptr == 0)
1206 {
1207 continue;
1208 }
1209 if (streq(ptr, str))
1210 {
1211 return en;
1212 }
1213 }
1214 }
1215 return -1;
1216 }
1217
1218 /* construct a string to name the bits on in a set
1219 * Result may be in STATIC buffer!
1220 * Note: prettypolicy depends on internal details.
1221 */
1222 const char *
1223 bitnamesof(const char *const table[], lset_t val)
1224 {
1225 char *p = bitnamesbuf;
1226 lset_t bit;
1227 const char *const *tp;
1228
1229 if (val == 0)
1230 return "none";
1231
1232 for (tp = table, bit = 01; val != 0; bit <<= 1)
1233 {
1234 if (val & bit)
1235 {
1236 const char *n = *tp;
1237 size_t nl;
1238
1239 if (n == NULL || *n == '\0')
1240 {
1241 /* no name for this bit, so use hex */
1242 static char flagbuf[sizeof("0x80000000")];
1243
1244 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1245 n = flagbuf;
1246 }
1247
1248 nl = strlen(n);
1249
1250 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1251 *p++ = '+';
1252
1253 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1254 {
1255 strcpy(p, n);
1256 p += nl;
1257 }
1258 val -= bit;
1259 }
1260 if (*tp != NULL)
1261 tp++; /* move on, but not past end */
1262 }
1263 *p = '\0';
1264 return bitnamesbuf;
1265 }
1266
1267 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1268 * Suppress the shunt and fail fields if 0.
1269 */
1270 const char *
1271 prettypolicy(lset_t policy)
1272 {
1273 const char *bn = bitnamesof(sa_policy_bit_names
1274 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1275 size_t len;
1276 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1277 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1278
1279 if (bn != bitnamesbuf)
1280 bitnamesbuf[0] = '\0';
1281 len = strlen(bitnamesbuf);
1282 if (shunt != 0)
1283 {
1284 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1285 , policy_shunt_names[shunt]);
1286 len += strlen(bitnamesbuf + len);
1287 }
1288 if (fail != 0)
1289 {
1290 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1291 , policy_fail_names[fail]);
1292 len += strlen(bitnamesbuf + len);
1293 }
1294 if (NEVER_NEGOTIATE(policy))
1295 {
1296 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1297 len += strlen(bitnamesbuf + len);
1298 }
1299 return bitnamesbuf;
1300 }
1301
1302 /* test a set by seeing if all bits have names */
1303
1304 bool
1305 testset(const char *const table[], lset_t val)
1306 {
1307 lset_t bit;
1308 const char *const *tp;
1309
1310 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1311 {
1312 const char *n = *tp;
1313
1314 if (n == NULL || ((val & bit) && *n == '\0'))
1315 return FALSE;
1316 val &= ~bit;
1317 }
1318 return TRUE;
1319 }
1320
1321
1322 const char sparse_end[] = "end of sparse names";
1323
1324 /* look up enum names in a sparse_names */
1325 const char *sparse_name(sparse_names sd, unsigned long val)
1326 {
1327 const struct sparse_name *p;
1328
1329 for (p = sd; p->name != sparse_end; p++)
1330 if (p->val == val)
1331 return p->name;
1332 return NULL;
1333 }
1334
1335 /* find or construct a string to describe an sparse value
1336 * Result may be in STATIC buffer!
1337 */
1338 const char *
1339 sparse_val_show(sparse_names sd, unsigned long val)
1340 {
1341 const char *p = sparse_name(sd, val);
1342
1343 if (p == NULL)
1344 {
1345 static char buf[12]; /* only one! I hope that it is big enough */
1346
1347 snprintf(buf, sizeof(buf), "%lu??", val);
1348 p = buf;
1349 }
1350 return p;
1351 }
1352
1353 void init_constants(void)
1354 {
1355 happy(anyaddr(AF_INET, &ipv4_any));
1356 happy(anyaddr(AF_INET6, &ipv6_any));
1357
1358 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1359 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1360
1361 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1362 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1363 }
1364
1365 u_char secret_of_the_day[HASH_SIZE_SHA1];
1366
1367