use crl_reason_t definition from <credentials/certificates/crl.h>
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Note that the array sizes are all specified; this is to enable range
18 * checking by code that only includes constants.h.
19 */
20
21 #include <stddef.h>
22 #include <string.h>
23 #include <stdio.h>
24 #include <netinet/in.h>
25
26 #include <freeswan.h>
27
28 #include "constants.h"
29 #include "defs.h"
30 #include "log.h"
31 #include "packet.h"
32
33 /* string naming compile-time options that have interop implications */
34
35 const char compile_time_interop_options[] = ""
36 #ifdef THREADS
37 " THREADS"
38 #endif
39 #ifdef SMARTCARD
40 " SMARTCARD"
41 #endif
42 #ifdef VENDORID
43 " VENDORID"
44 #endif
45 #ifdef CISCO_QUIRKS
46 " CISCO_QUIRKS"
47 #endif
48 #ifdef USE_KEYRR
49 " KEYRR"
50 #endif
51 ;
52
53 /* version */
54
55 static const char *const version_name[] = {
56 "ISAKMP Version 1.0",
57 };
58
59 enum_names version_names =
60 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
61 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
62 version_name, NULL };
63
64 /* RFC 3706 Dead Peer Detection */
65
66 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
67 "none",
68 "clear",
69 "hold",
70 "restart"
71 );
72
73 /* Timer events */
74
75 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
76 "EVENT_NULL",
77 "EVENT_REINIT_SECRET",
78 "EVENT_SHUNT_SCAN",
79 "EVENT_SO_DISCARD",
80 "EVENT_RETRANSMIT",
81 "EVENT_SA_REPLACE",
82 "EVENT_SA_REPLACE_IF_USED",
83 "EVENT_SA_EXPIRE",
84 "EVENT_NAT_T_KEEPALIVE",
85 "EVENT_DPD",
86 "EVENT_DPD_TIMEOUT",
87 "EVENT_LOG_DAILY"
88 );
89
90 /* Domain of Interpretation */
91
92 static const char *const doi_name[] = {
93 "ISAKMP_DOI_ISAKMP",
94 "ISAKMP_DOI_IPSEC",
95 };
96
97 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
98
99 /* debugging settings: a set of selections for reporting
100 * These would be more naturally situated in log.h,
101 * but they are shared with whack.
102 * It turns out that "debug-" is clutter in all contexts this is used,
103 * so we leave it off.
104 */
105 #ifdef DEBUG
106 const char *const debug_bit_names[] = {
107 "raw",
108 "crypt",
109 "parsing",
110 "emitting",
111 "control",
112 "lifecycle",
113 "klips",
114 "dns",
115 "natt",
116 "oppo",
117 "controlmore",
118
119 "private",
120
121 "impair-delay-adns-key-answer",
122 "impair-delay-adns-txt-answer",
123 "impair-bust-mi2",
124 "impair-bust-mr2",
125
126 NULL
127 };
128 #endif
129
130 /* State of exchanges */
131
132 static const char *const state_name[] = {
133 "STATE_MAIN_R0",
134 "STATE_MAIN_I1",
135 "STATE_MAIN_R1",
136 "STATE_MAIN_I2",
137 "STATE_MAIN_R2",
138 "STATE_MAIN_I3",
139 "STATE_MAIN_R3",
140 "STATE_MAIN_I4",
141
142 "STATE_QUICK_R0",
143 "STATE_QUICK_I1",
144 "STATE_QUICK_R1",
145 "STATE_QUICK_I2",
146 "STATE_QUICK_R2",
147
148 "STATE_INFO",
149 "STATE_INFO_PROTECTED",
150
151 "STATE_XAUTH_I0",
152 "STATE_XAUTH_R1",
153 "STATE_XAUTH_I1",
154 "STATE_XAUTH_R2",
155 "STATE_XAUTH_I2",
156 "STATE_XAUTH_R3",
157
158 "STATE_MODE_CFG_R0",
159 "STATE_MODE_CFG_I1",
160 "STATE_MODE_CFG_R1",
161 "STATE_MODE_CFG_I2",
162
163 "STATE_MODE_CFG_I0",
164 "STATE_MODE_CFG_R3",
165 "STATE_MODE_CFG_I3",
166 "STATE_MODE_CFG_R4",
167
168 "STATE_IKE_ROOF"
169 };
170
171 enum_names state_names =
172 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
173
174 /* story for state */
175
176 const char *const state_story[] = {
177 "expecting MI1", /* STATE_MAIN_R0 */
178 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
179 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
180 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
181 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
182 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
183 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
184 "ISAKMP SA established", /* STATE_MAIN_I4 */
185
186 "expecting QI1", /* STATE_QUICK_R0 */
187 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
188 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
189 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
190 "IPsec SA established", /* STATE_QUICK_R2 */
191
192 "got Informational Message in clear", /* STATE_INFO */
193 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
194
195 "expecting XAUTH request", /* STATE_XAUTH_I0 */
196 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
197 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
198 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
199 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
200 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
201
202 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
203 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
204 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
205 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
206
207 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
208 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
209 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
210 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
211 };
212
213 /* kind of struct connection */
214
215 static const char *const connection_kind_name[] = {
216 "CK_GROUP", /* policy group: instantiates to template */
217 "CK_TEMPLATE", /* abstract connection, with wildcard */
218 "CK_PERMANENT", /* normal connection */
219 "CK_INSTANCE", /* instance of template, created for a particular attempt */
220 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
221 };
222
223 enum_names connection_kind_names =
224 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
225
226 /* routing status names */
227
228 static const char *const routing_story_strings[] = {
229 "unrouted", /* RT_UNROUTED: unrouted */
230 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
231 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
232 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
233 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
234 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
235 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
236 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
237 };
238
239 enum_names routing_story =
240 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
241
242 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
243
244 const char *const payload_name[] = {
245 "ISAKMP_NEXT_NONE",
246 "ISAKMP_NEXT_SA",
247 "ISAKMP_NEXT_P",
248 "ISAKMP_NEXT_T",
249 "ISAKMP_NEXT_KE",
250 "ISAKMP_NEXT_ID",
251 "ISAKMP_NEXT_CERT",
252 "ISAKMP_NEXT_CR",
253 "ISAKMP_NEXT_HASH",
254 "ISAKMP_NEXT_SIG",
255 "ISAKMP_NEXT_NONCE",
256 "ISAKMP_NEXT_N",
257 "ISAKMP_NEXT_D",
258 "ISAKMP_NEXT_VID",
259 "ISAKMP_NEXT_MODECFG",
260 "ISAKMP_NEXT_15",
261 "ISAKMP_NEXT_16",
262 "ISAKMP_NEXT_17",
263 "ISAKMP_NEXT_18",
264 "ISAKMP_NEXT_19",
265 "ISAKMP_NEXT_NAT-D",
266 "ISAKMP_NEXT_NAT-OA",
267 NULL
268 };
269
270 const char *const payload_name_nat_d[] = {
271 "ISAKMP_NEXT_NAT-D",
272 "ISAKMP_NEXT_NAT-OA", NULL
273 };
274
275 static enum_names payload_names_nat_d =
276 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
277
278 enum_names payload_names =
279 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
280
281 /* Exchange types (note: two discontinuous ranges) */
282
283 static const char *const exchange_name[] = {
284 "ISAKMP_XCHG_NONE",
285 "ISAKMP_XCHG_BASE",
286 "ISAKMP_XCHG_IDPROT",
287 "ISAKMP_XCHG_AO",
288 "ISAKMP_XCHG_AGGR",
289 "ISAKMP_XCHG_INFO",
290 "ISAKMP_XCHG_MODE_CFG",
291 };
292
293 static const char *const exchange_name2[] = {
294 "ISAKMP_XCHG_QUICK",
295 "ISAKMP_XCHG_NGRP",
296 "ISAKMP_XCHG_ACK_INFO",
297 };
298
299 static enum_names exchange_desc2 =
300 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
301
302 enum_names exchange_names =
303 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
304
305 /* Flag BITS */
306 const char *const flag_bit_names[] = {
307 "ISAKMP_FLAG_ENCRYPTION",
308 "ISAKMP_FLAG_COMMIT",
309 NULL
310 };
311
312 /* Situation BITS definition for IPsec DOI */
313
314 const char *const sit_bit_names[] = {
315 "SIT_IDENTITY_ONLY",
316 "SIT_SECRECY",
317 "SIT_INTEGRITY",
318 NULL
319 };
320
321 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
322
323 static const char *const protocol_name[] = {
324 "PROTO_ISAKMP",
325 "PROTO_IPSEC_AH",
326 "PROTO_IPSEC_ESP",
327 "PROTO_IPCOMP",
328 };
329
330 enum_names protocol_names =
331 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
332
333 /* IPsec ISAKMP transform values */
334
335 static const char *const isakmp_transform_name[] = {
336 "KEY_IKE",
337 };
338
339 enum_names isakmp_transformid_names =
340 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
341
342 /* IPsec AH transform values */
343
344 static const char *const ah_transform_name[] = {
345 "HMAC_MD5",
346 "HMAC_SHA1",
347 "DES_MAC",
348 "HMAC_SHA2_256",
349 "HMAC_SHA2_384",
350 "HMAC_SHA2_512",
351 "HMAC_RIPEMD",
352 "AES_XCBC_96",
353 "SIG_RSA"
354 };
355
356 enum_names ah_transformid_names =
357 { AH_MD5, AH_RSA, ah_transform_name, NULL };
358
359 /* IPsec ESP transform values */
360
361 static const char *const esp_transform_name[] = {
362 "DES_IV64",
363 "DES_CBC",
364 "3DES_CBC",
365 "RC5_CBC",
366 "IDEA_CBC",
367 "CAST_CBC",
368 "BLOWFISH_CBC",
369 "3IDEA",
370 "DES_IV32",
371 "RC4",
372 "NULL",
373 "AES_CBC",
374 "AES_CTR",
375 "AES_CCM_8",
376 "AES_CCM_12",
377 "AES_CCM_16",
378 "UNASSIGNED_17",
379 "AES_GCM_8",
380 "AES_GCM_12",
381 "AES_GCM_16",
382 "SEED_CBC",
383 "CAMELLIA_CBC"
384 };
385
386 static const char *const esp_transform_name_high[] = {
387 "SERPENT_CBC",
388 "TWOFISH_CBC"
389 };
390
391 enum_names esp_transformid_names_high =
392 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
393
394 enum_names esp_transformid_names =
395 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
396
397 /* IPCOMP transform values */
398
399 static const char *const ipcomp_transform_name[] = {
400 "IPCOMP_OUI",
401 "IPCOMP_DEFLAT",
402 "IPCOMP_LZS",
403 "IPCOMP_LZJH",
404 };
405
406 enum_names ipcomp_transformid_names =
407 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
408
409 /* Identification type values */
410
411 static const char *const ident_name[] = {
412 "ID_IPV4_ADDR",
413 "ID_FQDN",
414 "ID_USER_FQDN",
415 "ID_IPV4_ADDR_SUBNET",
416 "ID_IPV6_ADDR",
417 "ID_IPV6_ADDR_SUBNET",
418 "ID_IPV4_ADDR_RANGE",
419 "ID_IPV6_ADDR_RANGE",
420 "ID_DER_ASN1_DN",
421 "ID_DER_ASN1_GN",
422 "ID_KEY_ID",
423 };
424
425 enum_names ident_names =
426 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
427
428 /* Certificate type values */
429
430 static const char *const cert_type_name[] = {
431 "CERT_NONE",
432 "CERT_PKCS7_WRAPPED_X509",
433 "CERT_PGP",
434 "CERT_DNS_SIGNED_KEY",
435 "CERT_X509_SIGNATURE",
436 "CERT_X509_KEY_EXCHANGE",
437 "CERT_KERBEROS_TOKENS",
438 "CERT_CRL",
439 "CERT_ARL",
440 "CERT_SPKI",
441 "CERT_X509_ATTRIBUTE",
442 };
443
444 enum_names cert_type_names =
445 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
446
447 /* Certificate policy names */
448
449 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
450 "ALWAYS_SEND",
451 "SEND_IF_ASKED",
452 "NEVER_SEND",
453 );
454
455 /* Goal BITs for establishing an SA
456 * Note: we drop the POLICY_ prefix so that logs are more concise.
457 */
458
459 const char *const sa_policy_bit_names[] = {
460 "PSK",
461 "PUBKEY",
462 "ENCRYPT",
463 "AUTHENTICATE",
464 "COMPRESS",
465 "TUNNEL",
466 "PFS",
467 "DISABLEARRIVALCHECK",
468 "SHUNT0",
469 "SHUNT1",
470 "FAILSHUNT0",
471 "FAILSHUNT1",
472 "DONTREKEY",
473 "OPPORTUNISTIC",
474 "GROUP",
475 "GROUTED",
476 "UP",
477 "MODECFGPUSH",
478 "XAUTHPSK",
479 "XAUTHRSASIG",
480 "XAUTHSERVER",
481 "DONTREAUTH",
482 "BEET",
483 "MOBIKE",
484 "PROXY",
485 NULL
486 };
487
488 const char *const policy_shunt_names[4] = {
489 "TRAP",
490 "PASS",
491 "DROP",
492 "REJECT",
493 };
494
495 const char *const policy_fail_names[4] = {
496 "NONE",
497 "PASS",
498 "DROP",
499 "REJECT",
500 };
501
502 /* Oakley transform attributes
503 * oakley_attr_bit_names does double duty: it is used for enum names
504 * and bit names.
505 */
506
507 const char *const oakley_attr_bit_names[] = {
508 "OAKLEY_ENCRYPTION_ALGORITHM",
509 "OAKLEY_HASH_ALGORITHM",
510 "OAKLEY_AUTHENTICATION_METHOD",
511 "OAKLEY_GROUP_DESCRIPTION",
512 "OAKLEY_GROUP_TYPE",
513 "OAKLEY_GROUP_PRIME",
514 "OAKLEY_GROUP_GENERATOR_ONE",
515 "OAKLEY_GROUP_GENERATOR_TWO",
516 "OAKLEY_GROUP_CURVE_A",
517 "OAKLEY_GROUP_CURVE_B",
518 "OAKLEY_LIFE_TYPE",
519 "OAKLEY_LIFE_DURATION",
520 "OAKLEY_PRF",
521 "OAKLEY_KEY_LENGTH",
522 "OAKLEY_FIELD_SIZE",
523 "OAKLEY_GROUP_ORDER",
524 "OAKLEY_BLOCK_SIZE",
525 NULL
526 };
527
528 static const char *const oakley_var_attr_name[] = {
529 "OAKLEY_GROUP_PRIME (variable length)",
530 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
531 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
532 "OAKLEY_GROUP_CURVE_A (variable length)",
533 "OAKLEY_GROUP_CURVE_B (variable length)",
534 NULL,
535 "OAKLEY_LIFE_DURATION (variable length)",
536 NULL,
537 NULL,
538 NULL,
539 "OAKLEY_GROUP_ORDER (variable length)",
540 };
541
542 static enum_names oakley_attr_desc_tv = {
543 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
544 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
545
546 enum_names oakley_attr_names = {
547 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
548 oakley_var_attr_name, &oakley_attr_desc_tv };
549
550 /* for each Oakley attribute, which enum_names describes its values? */
551 enum_names *oakley_attr_val_descs[] = {
552 NULL, /* (none) */
553 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
554 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
555 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
556 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
557 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
558 NULL, /* OAKLEY_GROUP_PRIME */
559 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
560 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
561 NULL, /* OAKLEY_GROUP_CURVE_A */
562 NULL, /* OAKLEY_GROUP_CURVE_B */
563 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
564 NULL, /* OAKLEY_LIFE_DURATION */
565 &oakley_prf_names, /* OAKLEY_PRF */
566 NULL, /* OAKLEY_KEY_LENGTH */
567 NULL, /* OAKLEY_FIELD_SIZE */
568 NULL, /* OAKLEY_GROUP_ORDER */
569 };
570
571 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
572
573 static const char *const ipsec_attr_name[] = {
574 "SA_LIFE_TYPE",
575 "SA_LIFE_DURATION",
576 "GROUP_DESCRIPTION",
577 "ENCAPSULATION_MODE",
578 "AUTH_ALGORITHM",
579 "KEY_LENGTH",
580 "KEY_ROUNDS",
581 "COMPRESS_DICT_SIZE",
582 "COMPRESS_PRIVATE_ALG",
583 };
584
585 static const char *const ipsec_var_attr_name[] = {
586 "SA_LIFE_DURATION (variable length)",
587 NULL,
588 NULL,
589 NULL,
590 NULL,
591 NULL,
592 NULL,
593 "COMPRESS_PRIVATE_ALG (variable length)",
594 };
595
596 static enum_names ipsec_attr_desc_tv = {
597 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
598 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
599 ipsec_attr_name, NULL };
600
601 enum_names ipsec_attr_names = {
602 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
603 ipsec_var_attr_name, &ipsec_attr_desc_tv };
604
605 /* for each IPsec attribute, which enum_names describes its values? */
606 enum_names *ipsec_attr_val_descs[] = {
607 NULL, /* (none) */
608 &sa_lifetime_names, /* SA_LIFE_TYPE */
609 NULL, /* SA_LIFE_DURATION */
610 &oakley_group_names, /* GROUP_DESCRIPTION */
611 &enc_mode_names, /* ENCAPSULATION_MODE */
612 &auth_alg_names, /* AUTH_ALGORITHM */
613 NULL, /* KEY_LENGTH */
614 NULL, /* KEY_ROUNDS */
615 NULL, /* COMPRESS_DICT_SIZE */
616 NULL, /* COMPRESS_PRIVATE_ALG */
617 };
618
619 /* SA Lifetime Type attribute */
620
621 static const char *const sa_lifetime_name[] = {
622 "SA_LIFE_TYPE_SECONDS",
623 "SA_LIFE_TYPE_KBYTES",
624 };
625
626 enum_names sa_lifetime_names =
627 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
628
629 /* Encapsulation Mode attribute */
630
631 static const char *const enc_mode_name[] = {
632 "ENCAPSULATION_MODE_TUNNEL",
633 "ENCAPSULATION_MODE_TRANSPORT",
634 "ENCAPSULATION_MODE_UDP_TUNNEL",
635 "ENCAPSULATION_MODE_UDP_TRANSPORT",
636 };
637
638 static const char *const enc_udp_mode_name[] = {
639 "ENCAPSULATION_MODE_UDP_TUNNEL",
640 "ENCAPSULATION_MODE_UDP_TRANSPORT",
641 };
642
643 static enum_names enc_udp_mode_names =
644 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
645
646 enum_names enc_mode_names =
647 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
648
649 /* Auth Algorithm attribute */
650
651 static const char *const auth_alg_name[] = {
652 "AUTH_NONE",
653 "HMAC_MD5",
654 "HMAC_SHA1",
655 "DES_MAC",
656 "KPDK",
657 "HMAC_SHA2_256",
658 "HMAC_SHA2_384",
659 "HMAC_SHA2_512",
660 "HMAC_RIPEMD",
661 "AES_XCBC_96",
662 "SIG_RSA"
663 };
664
665 static const char *const extended_auth_alg_name[] = {
666 "NULL"
667 };
668
669 enum_names extended_auth_alg_names =
670 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
671
672 enum_names auth_alg_names =
673 { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
674 , &extended_auth_alg_names };
675
676 /* From draft-beaulieu-ike-xauth */
677 static const char *const xauth_type_name[] = {
678 "Generic",
679 "RADIUS-CHAP",
680 "OTP",
681 "S/KEY",
682 };
683
684 enum_names xauth_type_names =
685 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
686
687 /* From draft-beaulieu-ike-xauth */
688 static const char *const xauth_attr_tv_name[] = {
689 "XAUTH_TYPE",
690 NULL,
691 NULL,
692 NULL,
693 NULL,
694 NULL,
695 NULL,
696 "XAUTH_STATUS",
697 };
698
699 enum_names xauth_attr_tv_names = {
700 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
701 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
702
703 static const char *const unity_attr_name[] = {
704 "UNITY_BANNER",
705 "UNITY_SAVE_PASSWD",
706 "UNITY_DEF_DOMAIN",
707 "UNITY_SPLITDNS_NAME",
708 "UNITY_SPLIT_INCLUDE",
709 "UNITY_NATT_PORT",
710 "UNITY_LOCAL_LAN",
711 "UNITY_PFS",
712 "UNITY_FW_TYPE",
713 "UNITY_BACKUP_SERVERS",
714 "UNITY_DDNS_HOSTNAME",
715 };
716
717 enum_names unity_attr_names =
718 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
719
720 static const char *const microsoft_attr_name[] = {
721 "INTERNAL_IP4_SERVER",
722 "INTERNAL_IP6_SERVER",
723 };
724
725 enum_names microsoft_attr_names =
726 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
727
728 static const char *const xauth_attr_name[] = {
729 "XAUTH_USER_NAME",
730 "XAUTH_USER_PASSWORD",
731 "XAUTH_PASSCODE",
732 "XAUTH_MESSAGE",
733 "XAUTH_CHALLENGE",
734 "XAUTH_DOMAIN",
735 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
736 "XAUTH_NEXT_PIN",
737 "XAUTH_ANSWER",
738 };
739
740 enum_names xauth_attr_names =
741 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
742
743 static const char *const modecfg_attr_name[] = {
744 "INTERNAL_IP4_ADDRESS",
745 "INTERNAL_IP4_NETMASK",
746 "INTERNAL_IP4_DNS",
747 "INTERNAL_IP4_NBNS",
748 "INTERNAL_ADDRESS_EXPIRY",
749 "INTERNAL_IP4_DHCP",
750 "APPLICATION_VERSION",
751 "INTERNAL_IP6_ADDRESS",
752 "INTERNAL_IP6_NETMASK",
753 "INTERNAL_IP6_DNS",
754 "INTERNAL_IP6_NBNS",
755 "INTERNAL_IP6_DHCP",
756 "INTERNAL_IP4_SUBNET",
757 "SUPPORTED_ATTRIBUTES",
758 "INTERNAL_IP6_SUBNET",
759 };
760
761 enum_names modecfg_attr_names =
762 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
763
764 /* Oakley Lifetime Type attribute */
765
766 static const char *const oakley_lifetime_name[] = {
767 "OAKLEY_LIFE_SECONDS",
768 "OAKLEY_LIFE_KILOBYTES",
769 };
770
771 enum_names oakley_lifetime_names =
772 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
773
774 /* Oakley PRF attribute (none defined) */
775
776 enum_names oakley_prf_names =
777 { 1, 0, NULL, NULL };
778
779 /* Oakley Encryption Algorithm attribute */
780
781 static const char *const oakley_enc_name[] = {
782 "DES_CBC",
783 "IDEA_CBC",
784 "BLOWFISH_CBC",
785 "RC5_R16_B64_CBC",
786 "3DES_CBC",
787 "CAST_CBC",
788 "AES_CBC",
789 "CAMELLIA_CBC"
790 };
791
792 #ifdef NO_EXTRA_IKE
793 enum_names oakley_enc_names =
794 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
795 #else
796 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
797 "MARS_CBC" /* 65001 */,
798 "RC6_CBC" /* 65002 */,
799 "ID_65003" /* 65003 */,
800 "SERPENT_CBC" /* 65004 */,
801 "TWOFISH_CBC" /* 65005 */,
802 };
803
804 static const char *const oakley_enc_name_ssh[] = {
805 "TWOFISH_CBC_SSH",
806 };
807
808 enum_names oakley_enc_names_ssh =
809 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
810 , NULL };
811
812 enum_names oakley_enc_names_draft_aes_cbc_02 =
813 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
814 , &oakley_enc_names_ssh };
815
816 enum_names oakley_enc_names =
817 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
818 , &oakley_enc_names_draft_aes_cbc_02 };
819 #endif
820
821 /* Oakley Hash Algorithm attribute */
822
823 static const char *const oakley_hash_name[] = {
824 "HMAC_MD5",
825 "HMAC_SHA1",
826 "HMAC_TIGER",
827 "HMAC_SHA2_256",
828 "HMAC_SHA2_384",
829 "HMAC_SHA2_512",
830 };
831
832 enum_names oakley_hash_names =
833 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
834
835 /* Oakley Authentication Method attribute */
836
837 static const char *const oakley_auth_name1[] = {
838 "pre-shared key",
839 "DSS signature",
840 "RSA signature",
841 "RSA encryption",
842 "RSA encryption revised",
843 "ElGamal encryption",
844 "ELGamal encryption revised",
845 "ECDSA signature",
846 "ECDSA-256 signature",
847 "ECDSA-384 signature",
848 "ECDSA-521-signature",
849 };
850
851 static const char *const oakley_auth_name2[] = {
852 "HybridInitRSA",
853 "HybridRespRSA",
854 "HybridInitDSS",
855 "HybridRespDSS",
856 };
857
858 static const char *const oakley_auth_name3[] = {
859 "XAUTHInitPreShared",
860 "XAUTHRespPreShared",
861 "XAUTHInitDSS",
862 "XAUTHRespDSS",
863 "XAUTHInitRSA",
864 "XAUTHRespRSA",
865 "XAUTHInitRSAEncryption",
866 "XAUTHRespRSAEncryption",
867 "XAUTHInitRSARevisedEncryption",
868 "XAUTHRespRSARevisedEncryption",
869 };
870
871 static enum_names oakley_auth_names1 =
872 { OAKLEY_PRESHARED_KEY, OAKLEY_ECDSA_521
873 , oakley_auth_name1, NULL };
874
875 static enum_names oakley_auth_names2 =
876 { HybridInitRSA, HybridRespDSS
877 , oakley_auth_name2, &oakley_auth_names1 };
878
879 enum_names oakley_auth_names =
880 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
881 , oakley_auth_name3, &oakley_auth_names2 };
882
883 /* Oakley Group Description attribute */
884
885 static const char *const oakley_group_name[] = {
886 "MODP_768",
887 "MODP_1024",
888 "GP_155",
889 "GP_185",
890 "MODP_1536",
891 };
892
893 static const char *const oakley_group_name_rfc3526[] = {
894 "MODP_2048",
895 "MODP_3072",
896 "MODP_4096",
897 "MODP_6144",
898 "MODP_8192"
899 };
900
901 static const char *const oakley_group_name_rfc4753[] = {
902 "ECP_256",
903 "ECP_384",
904 "ECP_521"
905 };
906
907 static const char *const oakley_group_name_rfc5114[] = {
908 "ECP_192",
909 "ECP_224"
910 };
911
912 enum_names oakley_group_names_rfc5114 =
913 { ECP_192_BIT, ECP_224_BIT,
914 oakley_group_name_rfc5114, NULL };
915
916 enum_names oakley_group_names_rfc4753 =
917 { ECP_256_BIT, ECP_521_BIT,
918 oakley_group_name_rfc4753, &oakley_group_names_rfc5114 };
919
920 enum_names oakley_group_names_rfc3526 =
921 { MODP_2048_BIT, MODP_8192_BIT,
922 oakley_group_name_rfc3526, &oakley_group_names_rfc4753 };
923
924 enum_names oakley_group_names =
925 { MODP_768_BIT, MODP_1536_BIT,
926 oakley_group_name, &oakley_group_names_rfc3526 };
927
928 /* Oakley Group Type attribute */
929
930 static const char *const oakley_group_type_name[] = {
931 "OAKLEY_GROUP_TYPE_MODP",
932 "OAKLEY_GROUP_TYPE_ECP",
933 "OAKLEY_GROUP_TYPE_EC2N",
934 };
935
936 enum_names oakley_group_type_names =
937 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
938
939 /* Notify messages -- error types */
940
941 static const char *const notification_name[] = {
942 "INVALID_PAYLOAD_TYPE",
943 "DOI_NOT_SUPPORTED",
944 "SITUATION_NOT_SUPPORTED",
945 "INVALID_COOKIE",
946 "INVALID_MAJOR_VERSION",
947 "INVALID_MINOR_VERSION",
948 "INVALID_EXCHANGE_TYPE",
949 "INVALID_FLAGS",
950 "INVALID_MESSAGE_ID",
951 "INVALID_PROTOCOL_ID",
952 "INVALID_SPI",
953 "INVALID_TRANSFORM_ID",
954 "ATTRIBUTES_NOT_SUPPORTED",
955 "NO_PROPOSAL_CHOSEN",
956 "BAD_PROPOSAL_SYNTAX",
957 "PAYLOAD_MALFORMED",
958 "INVALID_KEY_INFORMATION",
959 "INVALID_ID_INFORMATION",
960 "INVALID_CERT_ENCODING",
961 "INVALID_CERTIFICATE",
962 "CERT_TYPE_UNSUPPORTED",
963 "INVALID_CERT_AUTHORITY",
964 "INVALID_HASH_INFORMATION",
965 "AUTHENTICATION_FAILED",
966 "INVALID_SIGNATURE",
967 "ADDRESS_NOTIFICATION",
968 "NOTIFY_SA_LIFETIME",
969 "CERTIFICATE_UNAVAILABLE",
970 "UNSUPPORTED_EXCHANGE_TYPE",
971 "UNEQUAL_PAYLOAD_LENGTHS",
972 };
973
974 static const char *const notification_status_name[] = {
975 "CONNECTED",
976 };
977
978 static const char *const ipsec_notification_name[] = {
979 "IPSEC_RESPONDER_LIFETIME",
980 "IPSEC_REPLAY_STATUS",
981 "IPSEC_INITIAL_CONTACT",
982 };
983
984 static const char *const notification_dpd_name[] = {
985 "R_U_THERE",
986 "R_U_THERE_ACK",
987 };
988
989 enum_names notification_dpd_names =
990 { R_U_THERE, R_U_THERE_ACK,
991 notification_dpd_name, NULL };
992
993 enum_names ipsec_notification_names =
994 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
995 ipsec_notification_name, &notification_dpd_names };
996
997 enum_names notification_status_names =
998 { CONNECTED, CONNECTED,
999 notification_status_name, &ipsec_notification_names };
1000
1001 enum_names notification_names =
1002 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
1003 notification_name, &notification_status_names };
1004
1005 /* MODECFG
1006 * From draft-dukes-ike-mode-cfg
1007 */
1008 const char *const attr_msg_type_name[] = {
1009 "ISAKMP_CFG_RESERVED",
1010 "ISAKMP_CFG_REQUEST",
1011 "ISAKMP_CFG_REPLY",
1012 "ISAKMP_CFG_SET",
1013 "ISAKMP_CFG_ACK",
1014 NULL
1015 };
1016
1017 enum_names attr_msg_type_names =
1018 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1019
1020 /* socket address family info */
1021
1022 static const char *const af_inet_name[] = {
1023 "AF_INET",
1024 };
1025
1026 static const char *const af_inet6_name[] = {
1027 "AF_INET6",
1028 };
1029
1030 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1031
1032 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1033
1034 static ip_address ipv4_any, ipv6_any;
1035 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1036 static ip_subnet ipv4_all, ipv6_all;
1037
1038 const struct af_info af_inet4_info = {
1039 AF_INET,
1040 "AF_INET",
1041 sizeof(struct in_addr),
1042 sizeof(struct sockaddr_in),
1043 32,
1044 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1045 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1046 };
1047
1048 const struct af_info af_inet6_info = {
1049 AF_INET6,
1050 "AF_INET6",
1051 sizeof(struct in6_addr),
1052 sizeof(struct sockaddr_in6),
1053 128,
1054 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1055 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1056 };
1057
1058 const struct af_info *
1059 aftoinfo(int af)
1060 {
1061 switch (af)
1062 {
1063 case AF_INET:
1064 return &af_inet4_info;
1065 case AF_INET6:
1066 return &af_inet6_info;
1067 default:
1068 return NULL;
1069 }
1070 }
1071
1072 bool subnetisnone(const ip_subnet *sn)
1073 {
1074 ip_address base;
1075
1076 networkof(sn, &base);
1077 return isanyaddr(&base) && subnetishost(sn);
1078 }
1079
1080 /* BIND enumerated types */
1081
1082 #include <arpa/nameser.h>
1083
1084 static const char *const rr_type_name[] = {
1085 "T_A", /* 1 host address */
1086 "T_NS", /* 2 authoritative server */
1087 "T_MD", /* 3 mail destination */
1088 "T_MF", /* 4 mail forwarder */
1089 "T_CNAME", /* 5 canonical name */
1090 "T_SOA", /* 6 start of authority zone */
1091 "T_MB", /* 7 mailbox domain name */
1092 "T_MG", /* 8 mail group member */
1093 "T_MR", /* 9 mail rename name */
1094 "T_NULL", /* 10 null resource record */
1095 "T_WKS", /* 11 well known service */
1096 "T_PTR", /* 12 domain name pointer */
1097 "T_HINFO", /* 13 host information */
1098 "T_MINFO", /* 14 mailbox information */
1099 "T_MX", /* 15 mail routing information */
1100 "T_TXT", /* 16 text strings */
1101 "T_RP", /* 17 responsible person */
1102 "T_AFSDB", /* 18 AFS cell database */
1103 "T_X25", /* 19 X_25 calling address */
1104 "T_ISDN", /* 20 ISDN calling address */
1105 "T_RT", /* 21 router */
1106 "T_NSAP", /* 22 NSAP address */
1107 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1108 "T_SIG", /* 24 security signature */
1109 "T_KEY", /* 25 security key */
1110 "T_PX", /* 26 X.400 mail mapping */
1111 "T_GPOS", /* 27 geographical position (withdrawn) */
1112 "T_AAAA", /* 28 IP6 Address */
1113 "T_LOC", /* 29 Location Information */
1114 "T_NXT", /* 30 Next Valid Name in Zone */
1115 "T_EID", /* 31 Endpoint identifier */
1116 "T_NIMLOC", /* 32 Nimrod locator */
1117 "T_SRV", /* 33 Server selection */
1118 "T_ATMA", /* 34 ATM Address */
1119 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1120 NULL
1121 };
1122
1123 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1124
1125 /* Query type values which do not appear in resource records */
1126 static const char *const rr_qtype_name[] = {
1127 "T_IXFR", /* 251 incremental zone transfer */
1128 "T_AXFR", /* 252 transfer zone of authority */
1129 "T_MAILB", /* 253 transfer mailbox records */
1130 "T_MAILA", /* 254 transfer mail agent records */
1131 "T_ANY", /* 255 wildcard match */
1132 NULL
1133 };
1134
1135 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1136
1137 static const char *const rr_class_name[] = {
1138 "C_IN", /* 1 the arpa internet */
1139 NULL
1140 };
1141
1142 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1143
1144 /*
1145 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1146 *
1147 */
1148 const char *const natt_type_bitnames[] = {
1149 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1150 "draft-ietf-ipsec-nat-t-ike-02/03",
1151 "RFC 3947",
1152 "3", /* 3 */
1153 "4", "5", "6", "7",
1154 "8", "9", "10", "11",
1155 "12", "13", "14", "15",
1156 "16", "17", "18", "19",
1157 "20", "21", "22", "23",
1158 "24", "25", "26", "27",
1159 "28", "29",
1160 "nat is behind me",
1161 "nat is behind peer"
1162 };
1163
1164 /* look up enum names in an enum_names */
1165
1166 const char* enum_name(enum_names *ed, unsigned long val)
1167 {
1168 enum_names *p;
1169
1170 for (p = ed; p != NULL; p = p->en_next_range)
1171 {
1172 if (p->en_first <= val && val <= p->en_last)
1173 return p->en_names[val - p->en_first];
1174 }
1175 return NULL;
1176 }
1177
1178 /* find or construct a string to describe an enum value
1179 * Result may be in STATIC buffer!
1180 */
1181 const char *
1182 enum_show(enum_names *ed, unsigned long val)
1183 {
1184 const char *p = enum_name(ed, val);
1185
1186 if (p == NULL)
1187 {
1188 static char buf[12]; /* only one! I hope that it is big enough */
1189
1190 snprintf(buf, sizeof(buf), "%lu??", val);
1191 p = buf;
1192 }
1193 return p;
1194 }
1195
1196
1197 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1198
1199 int
1200 enum_search(enum_names *ed, const char *str)
1201 {
1202 enum_names *p;
1203 const char *ptr;
1204 unsigned en;
1205
1206 for (p = ed; p != NULL; p = p->en_next_range)
1207 {
1208 for (en = p->en_first; en <= p->en_last ;en++)
1209 {
1210 ptr = p->en_names[en - p->en_first];
1211 if (ptr == 0)
1212 {
1213 continue;
1214 }
1215 if (streq(ptr, str))
1216 {
1217 return en;
1218 }
1219 }
1220 }
1221 return -1;
1222 }
1223
1224 /* construct a string to name the bits on in a set
1225 * Result may be in STATIC buffer!
1226 * Note: prettypolicy depends on internal details.
1227 */
1228 const char* bitnamesof(const char *const table[], lset_t val)
1229 {
1230 char *p = bitnamesbuf;
1231 lset_t bit;
1232 const char *const *tp;
1233
1234 if (val == 0)
1235 return "none";
1236
1237 for (tp = table, bit = 01; val != 0; bit <<= 1)
1238 {
1239 if (val & bit)
1240 {
1241 const char *n = *tp;
1242 size_t nl;
1243
1244 if (n == NULL || *n == '\0')
1245 {
1246 /* no name for this bit, so use hex */
1247 static char flagbuf[sizeof("0x80000000")];
1248
1249 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1250 n = flagbuf;
1251 }
1252
1253 nl = strlen(n);
1254
1255 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1256 *p++ = '+';
1257
1258 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1259 {
1260 strcpy(p, n);
1261 p += nl;
1262 }
1263 val -= bit;
1264 }
1265 if (*tp != NULL)
1266 tp++; /* move on, but not past end */
1267 }
1268 *p = '\0';
1269 return bitnamesbuf;
1270 }
1271
1272 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1273 * Suppress the shunt and fail fields if 0.
1274 */
1275 const char* prettypolicy(lset_t policy)
1276 {
1277 const char *bn = bitnamesof(sa_policy_bit_names
1278 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1279 size_t len;
1280 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1281 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1282
1283 if (bn != bitnamesbuf)
1284 bitnamesbuf[0] = '\0';
1285 len = strlen(bitnamesbuf);
1286 if (shunt != 0)
1287 {
1288 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1289 , policy_shunt_names[shunt]);
1290 len += strlen(bitnamesbuf + len);
1291 }
1292 if (fail != 0)
1293 {
1294 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1295 , policy_fail_names[fail]);
1296 len += strlen(bitnamesbuf + len);
1297 }
1298 if (NEVER_NEGOTIATE(policy))
1299 {
1300 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1301 len += strlen(bitnamesbuf + len);
1302 }
1303 return bitnamesbuf;
1304 }
1305
1306 /* test a set by seeing if all bits have names */
1307
1308 bool testset(const char *const table[], lset_t val)
1309 {
1310 lset_t bit;
1311 const char *const *tp;
1312
1313 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1314 {
1315 const char *n = *tp;
1316
1317 if (n == NULL || ((val & bit) && *n == '\0'))
1318 return FALSE;
1319 val &= ~bit;
1320 }
1321 return TRUE;
1322 }
1323
1324
1325 const char sparse_end[] = "end of sparse names";
1326
1327 /* look up enum names in a sparse_names */
1328 const char *sparse_name(sparse_names sd, unsigned long val)
1329 {
1330 const struct sparse_name *p;
1331
1332 for (p = sd; p->name != sparse_end; p++)
1333 if (p->val == val)
1334 return p->name;
1335 return NULL;
1336 }
1337
1338 /* find or construct a string to describe an sparse value
1339 * Result may be in STATIC buffer!
1340 */
1341 const char* sparse_val_show(sparse_names sd, unsigned long val)
1342 {
1343 const char *p = sparse_name(sd, val);
1344
1345 if (p == NULL)
1346 {
1347 static char buf[12]; /* only one! I hope that it is big enough */
1348
1349 snprintf(buf, sizeof(buf), "%lu??", val);
1350 p = buf;
1351 }
1352 return p;
1353 }
1354
1355 void init_constants(void)
1356 {
1357 happy(anyaddr(AF_INET, &ipv4_any));
1358 happy(anyaddr(AF_INET6, &ipv6_any));
1359
1360 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1361 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1362
1363 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1364 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1365 }
1366
1367 u_char secret_of_the_day[HASH_SIZE_SHA1];
1368
1369