Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Note that the array sizes are all specified; this is to enable range
18 * checking by code that only includes constants.h.
19 */
20
21 #include <stddef.h>
22 #include <string.h>
23 #include <stdio.h>
24 #include <netinet/in.h>
25
26 #include <freeswan.h>
27
28 #include <attributes/attributes.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef SMARTCARD
42 " SMARTCARD"
43 #endif
44 #ifdef VENDORID
45 " VENDORID"
46 #endif
47 #ifdef CISCO_QUIRKS
48 " CISCO_QUIRKS"
49 #endif
50 #ifdef USE_KEYRR
51 " KEYRR"
52 #endif
53 ;
54
55 /* version */
56
57 static const char *const version_name[] = {
58 "ISAKMP Version 1.0",
59 };
60
61 enum_names version_names =
62 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
63 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
64 version_name, NULL };
65
66 /* RFC 3706 Dead Peer Detection */
67
68 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
69 "none",
70 "clear",
71 "hold",
72 "restart"
73 );
74
75 /* Timer events */
76
77 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
78 "EVENT_NULL",
79 "EVENT_REINIT_SECRET",
80 "EVENT_SHUNT_SCAN",
81 "EVENT_SO_DISCARD",
82 "EVENT_RETRANSMIT",
83 "EVENT_SA_REPLACE",
84 "EVENT_SA_REPLACE_IF_USED",
85 "EVENT_SA_EXPIRE",
86 "EVENT_NAT_T_KEEPALIVE",
87 "EVENT_DPD",
88 "EVENT_DPD_TIMEOUT",
89 "EVENT_LOG_DAILY"
90 );
91
92 /* Domain of Interpretation */
93
94 static const char *const doi_name[] = {
95 "ISAKMP_DOI_ISAKMP",
96 "ISAKMP_DOI_IPSEC",
97 };
98
99 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
100
101 /* debugging settings: a set of selections for reporting
102 * These would be more naturally situated in log.h,
103 * but they are shared with whack.
104 * It turns out that "debug-" is clutter in all contexts this is used,
105 * so we leave it off.
106 */
107 #ifdef DEBUG
108 const char *const debug_bit_names[] = {
109 "raw",
110 "crypt",
111 "parsing",
112 "emitting",
113 "control",
114 "lifecycle",
115 "klips",
116 "dns",
117 "natt",
118 "oppo",
119 "controlmore",
120
121 "private",
122
123 "impair-delay-adns-key-answer",
124 "impair-delay-adns-txt-answer",
125 "impair-bust-mi2",
126 "impair-bust-mr2",
127
128 NULL
129 };
130 #endif
131
132 /* State of exchanges */
133
134 static const char *const state_name[] = {
135 "STATE_MAIN_R0",
136 "STATE_MAIN_I1",
137 "STATE_MAIN_R1",
138 "STATE_MAIN_I2",
139 "STATE_MAIN_R2",
140 "STATE_MAIN_I3",
141 "STATE_MAIN_R3",
142 "STATE_MAIN_I4",
143
144 "STATE_QUICK_R0",
145 "STATE_QUICK_I1",
146 "STATE_QUICK_R1",
147 "STATE_QUICK_I2",
148 "STATE_QUICK_R2",
149
150 "STATE_INFO",
151 "STATE_INFO_PROTECTED",
152
153 "STATE_XAUTH_I0",
154 "STATE_XAUTH_R1",
155 "STATE_XAUTH_I1",
156 "STATE_XAUTH_R2",
157 "STATE_XAUTH_I2",
158 "STATE_XAUTH_R3",
159
160 "STATE_MODE_CFG_R0",
161 "STATE_MODE_CFG_I1",
162 "STATE_MODE_CFG_R1",
163 "STATE_MODE_CFG_I2",
164
165 "STATE_MODE_CFG_I0",
166 "STATE_MODE_CFG_R3",
167 "STATE_MODE_CFG_I3",
168 "STATE_MODE_CFG_R4",
169
170 "STATE_IKE_ROOF"
171 };
172
173 enum_names state_names =
174 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
175
176 /* story for state */
177
178 const char *const state_story[] = {
179 "expecting MI1", /* STATE_MAIN_R0 */
180 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
181 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
182 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
183 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
184 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
185 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
186 "ISAKMP SA established", /* STATE_MAIN_I4 */
187
188 "expecting QI1", /* STATE_QUICK_R0 */
189 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
190 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
191 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
192 "IPsec SA established", /* STATE_QUICK_R2 */
193
194 "got Informational Message in clear", /* STATE_INFO */
195 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
196
197 "expecting XAUTH request", /* STATE_XAUTH_I0 */
198 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
199 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
200 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
201 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
202 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
203
204 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
205 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
206 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
207 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
208
209 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
210 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
211 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
212 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
213 };
214
215 /* kind of struct connection */
216
217 static const char *const connection_kind_name[] = {
218 "CK_GROUP", /* policy group: instantiates to template */
219 "CK_TEMPLATE", /* abstract connection, with wildcard */
220 "CK_PERMANENT", /* normal connection */
221 "CK_INSTANCE", /* instance of template, created for a particular attempt */
222 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
223 };
224
225 enum_names connection_kind_names =
226 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
227
228 /* routing status names */
229
230 static const char *const routing_story_strings[] = {
231 "unrouted", /* RT_UNROUTED: unrouted */
232 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
233 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
234 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
235 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
236 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
237 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
238 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
239 };
240
241 enum_names routing_story =
242 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
243
244 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
245
246 const char *const payload_name[] = {
247 "ISAKMP_NEXT_NONE",
248 "ISAKMP_NEXT_SA",
249 "ISAKMP_NEXT_P",
250 "ISAKMP_NEXT_T",
251 "ISAKMP_NEXT_KE",
252 "ISAKMP_NEXT_ID",
253 "ISAKMP_NEXT_CERT",
254 "ISAKMP_NEXT_CR",
255 "ISAKMP_NEXT_HASH",
256 "ISAKMP_NEXT_SIG",
257 "ISAKMP_NEXT_NONCE",
258 "ISAKMP_NEXT_N",
259 "ISAKMP_NEXT_D",
260 "ISAKMP_NEXT_VID",
261 "ISAKMP_NEXT_MODECFG",
262 "ISAKMP_NEXT_15",
263 "ISAKMP_NEXT_16",
264 "ISAKMP_NEXT_17",
265 "ISAKMP_NEXT_18",
266 "ISAKMP_NEXT_19",
267 "ISAKMP_NEXT_NAT-D",
268 "ISAKMP_NEXT_NAT-OA",
269 NULL
270 };
271
272 const char *const payload_name_nat_d[] = {
273 "ISAKMP_NEXT_NAT-D",
274 "ISAKMP_NEXT_NAT-OA", NULL
275 };
276
277 static enum_names payload_names_nat_d =
278 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
279
280 enum_names payload_names =
281 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
282
283 /* Exchange types (note: two discontinuous ranges) */
284
285 static const char *const exchange_name[] = {
286 "ISAKMP_XCHG_NONE",
287 "ISAKMP_XCHG_BASE",
288 "ISAKMP_XCHG_IDPROT",
289 "ISAKMP_XCHG_AO",
290 "ISAKMP_XCHG_AGGR",
291 "ISAKMP_XCHG_INFO",
292 "ISAKMP_XCHG_MODE_CFG",
293 };
294
295 static const char *const exchange_name2[] = {
296 "ISAKMP_XCHG_QUICK",
297 "ISAKMP_XCHG_NGRP",
298 "ISAKMP_XCHG_ACK_INFO",
299 };
300
301 static enum_names exchange_desc2 =
302 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
303
304 enum_names exchange_names =
305 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
306
307 /* Flag BITS */
308 const char *const flag_bit_names[] = {
309 "ISAKMP_FLAG_ENCRYPTION",
310 "ISAKMP_FLAG_COMMIT",
311 NULL
312 };
313
314 /* Situation BITS definition for IPsec DOI */
315
316 const char *const sit_bit_names[] = {
317 "SIT_IDENTITY_ONLY",
318 "SIT_SECRECY",
319 "SIT_INTEGRITY",
320 NULL
321 };
322
323 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
324
325 static const char *const protocol_name[] = {
326 "PROTO_ISAKMP",
327 "PROTO_IPSEC_AH",
328 "PROTO_IPSEC_ESP",
329 "PROTO_IPCOMP",
330 };
331
332 enum_names protocol_names =
333 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
334
335 /* IPsec ISAKMP transform values */
336
337 static const char *const isakmp_transform_name[] = {
338 "KEY_IKE",
339 };
340
341 enum_names isakmp_transformid_names =
342 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
343
344 /* IPsec AH transform values */
345
346 static const char *const ah_transform_name[] = {
347 "HMAC_MD5",
348 "HMAC_SHA1",
349 "DES_MAC",
350 "HMAC_SHA2_256",
351 "HMAC_SHA2_384",
352 "HMAC_SHA2_512",
353 "HMAC_RIPEMD",
354 "AES_XCBC_96",
355 "SIG_RSA",
356 "AES_128_GMAC",
357 "AES_192_GMAC",
358 "AES_256_GMAC"
359 };
360
361 static const char *const ah_transform_name_high[] = {
362 "HMAC_SHA2_256_96"
363 };
364
365 enum_names ah_transform_names_high =
366 { AH_SHA2_256_96, AH_SHA2_256_96, ah_transform_name_high, NULL };
367
368 enum_names ah_transform_names =
369 { AH_MD5, AH_AES_256_GMAC, ah_transform_name, &ah_transform_names_high };
370
371 /* IPsec ESP transform values */
372
373 static const char *const esp_transform_name[] = {
374 "DES_IV64",
375 "DES_CBC",
376 "3DES_CBC",
377 "RC5_CBC",
378 "IDEA_CBC",
379 "CAST_CBC",
380 "BLOWFISH_CBC",
381 "3IDEA",
382 "DES_IV32",
383 "RC4",
384 "NULL",
385 "AES_CBC",
386 "AES_CTR",
387 "AES_CCM_8",
388 "AES_CCM_12",
389 "AES_CCM_16",
390 "UNASSIGNED_17",
391 "AES_GCM_8",
392 "AES_GCM_12",
393 "AES_GCM_16",
394 "SEED_CBC",
395 "CAMELLIA_CBC",
396 "AES_GMAC"
397 };
398
399 static const char *const esp_transform_name_high[] = {
400 "SERPENT_CBC",
401 "TWOFISH_CBC"
402 };
403
404 enum_names esp_transform_names_high =
405 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
406
407 enum_names esp_transform_names =
408 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transform_names_high };
409
410 /* IPCOMP transform values */
411
412 static const char *const ipcomp_transform_name[] = {
413 "IPCOMP_OUI",
414 "IPCOMP_DEFLAT",
415 "IPCOMP_LZS",
416 "IPCOMP_LZJH",
417 };
418
419 enum_names ipcomp_transformid_names =
420 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
421
422 /* Identification type values */
423
424 static const char *const ident_name[] = {
425 "ID_IPV4_ADDR",
426 "ID_FQDN",
427 "ID_USER_FQDN",
428 "ID_IPV4_ADDR_SUBNET",
429 "ID_IPV6_ADDR",
430 "ID_IPV6_ADDR_SUBNET",
431 "ID_IPV4_ADDR_RANGE",
432 "ID_IPV6_ADDR_RANGE",
433 "ID_DER_ASN1_DN",
434 "ID_DER_ASN1_GN",
435 "ID_KEY_ID",
436 };
437
438 enum_names ident_names =
439 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
440
441 /* Certificate type values */
442
443 static const char *const cert_type_name[] = {
444 "CERT_NONE",
445 "CERT_PKCS7_WRAPPED_X509",
446 "CERT_PGP",
447 "CERT_DNS_SIGNED_KEY",
448 "CERT_X509_SIGNATURE",
449 "CERT_X509_KEY_EXCHANGE",
450 "CERT_KERBEROS_TOKENS",
451 "CERT_CRL",
452 "CERT_ARL",
453 "CERT_SPKI",
454 "CERT_X509_ATTRIBUTE",
455 };
456
457 enum_names cert_type_names =
458 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
459
460 /* Certificate policy names */
461
462 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
463 "ALWAYS_SEND",
464 "SEND_IF_ASKED",
465 "NEVER_SEND",
466 );
467
468 /* Goal BITs for establishing an SA
469 * Note: we drop the POLICY_ prefix so that logs are more concise.
470 */
471
472 const char *const sa_policy_bit_names[] = {
473 "PSK",
474 "PUBKEY",
475 "ENCRYPT",
476 "AUTHENTICATE",
477 "COMPRESS",
478 "TUNNEL",
479 "PFS",
480 "DISABLEARRIVALCHECK",
481 "SHUNT0",
482 "SHUNT1",
483 "FAILSHUNT0",
484 "FAILSHUNT1",
485 "DONTREKEY",
486 "OPPORTUNISTIC",
487 "GROUP",
488 "GROUTED",
489 "UP",
490 "MODECFGPUSH",
491 "XAUTHPSK",
492 "XAUTHRSASIG",
493 "XAUTHSERVER",
494 "DONTREAUTH",
495 "BEET",
496 "MOBIKE",
497 "PROXY",
498 NULL
499 };
500
501 const char *const policy_shunt_names[4] = {
502 "TRAP",
503 "PASS",
504 "DROP",
505 "REJECT",
506 };
507
508 const char *const policy_fail_names[4] = {
509 "NONE",
510 "PASS",
511 "DROP",
512 "REJECT",
513 };
514
515 /* Oakley transform attributes
516 * oakley_attr_bit_names does double duty: it is used for enum names
517 * and bit names.
518 */
519
520 const char *const oakley_attr_bit_names[] = {
521 "OAKLEY_ENCRYPTION_ALGORITHM",
522 "OAKLEY_HASH_ALGORITHM",
523 "OAKLEY_AUTHENTICATION_METHOD",
524 "OAKLEY_GROUP_DESCRIPTION",
525 "OAKLEY_GROUP_TYPE",
526 "OAKLEY_GROUP_PRIME",
527 "OAKLEY_GROUP_GENERATOR_ONE",
528 "OAKLEY_GROUP_GENERATOR_TWO",
529 "OAKLEY_GROUP_CURVE_A",
530 "OAKLEY_GROUP_CURVE_B",
531 "OAKLEY_LIFE_TYPE",
532 "OAKLEY_LIFE_DURATION",
533 "OAKLEY_PRF",
534 "OAKLEY_KEY_LENGTH",
535 "OAKLEY_FIELD_SIZE",
536 "OAKLEY_GROUP_ORDER",
537 "OAKLEY_BLOCK_SIZE",
538 NULL
539 };
540
541 static const char *const oakley_var_attr_name[] = {
542 "OAKLEY_GROUP_PRIME (variable length)",
543 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
544 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
545 "OAKLEY_GROUP_CURVE_A (variable length)",
546 "OAKLEY_GROUP_CURVE_B (variable length)",
547 NULL,
548 "OAKLEY_LIFE_DURATION (variable length)",
549 NULL,
550 NULL,
551 NULL,
552 "OAKLEY_GROUP_ORDER (variable length)",
553 };
554
555 static enum_names oakley_attr_desc_tv = {
556 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
557 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
558
559 enum_names oakley_attr_names = {
560 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
561 oakley_var_attr_name, &oakley_attr_desc_tv };
562
563 /* for each Oakley attribute, which enum_names describes its values? */
564 enum_names *oakley_attr_val_descs[] = {
565 NULL, /* (none) */
566 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
567 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
568 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
569 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
570 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
571 NULL, /* OAKLEY_GROUP_PRIME */
572 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
573 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
574 NULL, /* OAKLEY_GROUP_CURVE_A */
575 NULL, /* OAKLEY_GROUP_CURVE_B */
576 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
577 NULL, /* OAKLEY_LIFE_DURATION */
578 &oakley_prf_names, /* OAKLEY_PRF */
579 NULL, /* OAKLEY_KEY_LENGTH */
580 NULL, /* OAKLEY_FIELD_SIZE */
581 NULL, /* OAKLEY_GROUP_ORDER */
582 };
583
584 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
585
586 static const char *const ipsec_attr_name[] = {
587 "SA_LIFE_TYPE",
588 "SA_LIFE_DURATION",
589 "GROUP_DESCRIPTION",
590 "ENCAPSULATION_MODE",
591 "AUTH_ALGORITHM",
592 "KEY_LENGTH",
593 "KEY_ROUNDS",
594 "COMPRESS_DICT_SIZE",
595 "COMPRESS_PRIVATE_ALG",
596 };
597
598 static const char *const ipsec_var_attr_name[] = {
599 "SA_LIFE_DURATION (variable length)",
600 NULL,
601 NULL,
602 NULL,
603 NULL,
604 NULL,
605 NULL,
606 "COMPRESS_PRIVATE_ALG (variable length)",
607 };
608
609 static enum_names ipsec_attr_desc_tv = {
610 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
611 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
612 ipsec_attr_name, NULL };
613
614 enum_names ipsec_attr_names = {
615 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
616 ipsec_var_attr_name, &ipsec_attr_desc_tv };
617
618 /* for each IPsec attribute, which enum_names describes its values? */
619 enum_names *ipsec_attr_val_descs[] = {
620 NULL, /* (none) */
621 &sa_lifetime_names, /* SA_LIFE_TYPE */
622 NULL, /* SA_LIFE_DURATION */
623 &oakley_group_names, /* GROUP_DESCRIPTION */
624 &enc_mode_names, /* ENCAPSULATION_MODE */
625 &auth_alg_names, /* AUTH_ALGORITHM */
626 NULL, /* KEY_LENGTH */
627 NULL, /* KEY_ROUNDS */
628 NULL, /* COMPRESS_DICT_SIZE */
629 NULL, /* COMPRESS_PRIVATE_ALG */
630 };
631
632 /* SA Lifetime Type attribute */
633
634 static const char *const sa_lifetime_name[] = {
635 "SA_LIFE_TYPE_SECONDS",
636 "SA_LIFE_TYPE_KBYTES",
637 };
638
639 enum_names sa_lifetime_names =
640 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
641
642 /* Encapsulation Mode attribute */
643
644 static const char *const enc_mode_name[] = {
645 "ENCAPSULATION_MODE_TUNNEL",
646 "ENCAPSULATION_MODE_TRANSPORT",
647 "ENCAPSULATION_MODE_UDP_TUNNEL",
648 "ENCAPSULATION_MODE_UDP_TRANSPORT",
649 };
650
651 static const char *const enc_udp_mode_name[] = {
652 "ENCAPSULATION_MODE_UDP_TUNNEL",
653 "ENCAPSULATION_MODE_UDP_TRANSPORT",
654 };
655
656 static enum_names enc_udp_mode_names =
657 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
658
659 enum_names enc_mode_names =
660 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
661
662 /* Auth Algorithm attribute */
663
664 static const char *const auth_alg_name[] = {
665 "AUTH_NONE",
666 "HMAC_MD5",
667 "HMAC_SHA1",
668 "DES_MAC",
669 "KPDK",
670 "HMAC_SHA2_256",
671 "HMAC_SHA2_384",
672 "HMAC_SHA2_512",
673 "HMAC_RIPEMD",
674 "AES_XCBC_96",
675 "SIG_RSA"
676 };
677
678 static const char *const extended_auth_alg_name[] = {
679 "NULL",
680 "HMAC_SHA2_256_96"
681 };
682
683 enum_names extended_auth_alg_names =
684 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_HMAC_SHA2_256_96,
685 extended_auth_alg_name, NULL };
686
687 enum_names auth_alg_names =
688 { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA,
689 auth_alg_name, &extended_auth_alg_names };
690
691 /* From draft-beaulieu-ike-xauth */
692 static const char *const xauth_type_name[] = {
693 "Generic",
694 "RADIUS-CHAP",
695 "OTP",
696 "S/KEY",
697 };
698
699 enum_names xauth_type_names =
700 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
701
702 /* From draft-beaulieu-ike-xauth */
703 static const char *const xauth_attr_tv_name[] = {
704 "XAUTH_TYPE",
705 NULL,
706 NULL,
707 NULL,
708 NULL,
709 NULL,
710 NULL,
711 "XAUTH_STATUS",
712 };
713
714 enum_names xauth_attr_tv_names = {
715 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
716 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
717
718 static const char *const unity_attr_name[] = {
719 "UNITY_BANNER",
720 "UNITY_SAVE_PASSWD",
721 "UNITY_DEF_DOMAIN",
722 "UNITY_SPLITDNS_NAME",
723 "UNITY_SPLIT_INCLUDE",
724 "UNITY_NATT_PORT",
725 "UNITY_LOCAL_LAN",
726 "UNITY_PFS",
727 "UNITY_FW_TYPE",
728 "UNITY_BACKUP_SERVERS",
729 "UNITY_DDNS_HOSTNAME",
730 };
731
732 enum_names unity_attr_names =
733 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
734
735 static const char *const microsoft_attr_name[] = {
736 "INTERNAL_IP4_SERVER",
737 "INTERNAL_IP6_SERVER",
738 };
739
740 enum_names microsoft_attr_names =
741 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
742
743 static const char *const xauth_attr_name[] = {
744 "XAUTH_USER_NAME",
745 "XAUTH_USER_PASSWORD",
746 "XAUTH_PASSCODE",
747 "XAUTH_MESSAGE",
748 "XAUTH_CHALLENGE",
749 "XAUTH_DOMAIN",
750 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
751 "XAUTH_NEXT_PIN",
752 "XAUTH_ANSWER",
753 };
754
755 enum_names xauth_attr_names =
756 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
757
758 static const char *const modecfg_attr_name[] = {
759 "INTERNAL_IP4_ADDRESS",
760 "INTERNAL_IP4_NETMASK",
761 "INTERNAL_IP4_DNS",
762 "INTERNAL_IP4_NBNS",
763 "INTERNAL_ADDRESS_EXPIRY",
764 "INTERNAL_IP4_DHCP",
765 "APPLICATION_VERSION",
766 "INTERNAL_IP6_ADDRESS",
767 "INTERNAL_IP6_NETMASK",
768 "INTERNAL_IP6_DNS",
769 "INTERNAL_IP6_NBNS",
770 "INTERNAL_IP6_DHCP",
771 "INTERNAL_IP4_SUBNET",
772 "SUPPORTED_ATTRIBUTES",
773 "INTERNAL_IP6_SUBNET",
774 };
775
776 enum_names modecfg_attr_names =
777 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
778
779 /* Oakley Lifetime Type attribute */
780
781 static const char *const oakley_lifetime_name[] = {
782 "OAKLEY_LIFE_SECONDS",
783 "OAKLEY_LIFE_KILOBYTES",
784 };
785
786 enum_names oakley_lifetime_names =
787 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
788
789 /* Oakley PRF attribute (none defined) */
790
791 enum_names oakley_prf_names =
792 { 1, 0, NULL, NULL };
793
794 /* Oakley Encryption Algorithm attribute */
795
796 static const char *const oakley_enc_name[] = {
797 "DES_CBC",
798 "IDEA_CBC",
799 "BLOWFISH_CBC",
800 "RC5_R16_B64_CBC",
801 "3DES_CBC",
802 "CAST_CBC",
803 "AES_CBC",
804 "CAMELLIA_CBC"
805 };
806
807 #ifdef NO_EXTRA_IKE
808 enum_names oakley_enc_names =
809 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
810 #else
811 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
812 "MARS_CBC" /* 65001 */,
813 "RC6_CBC" /* 65002 */,
814 "ID_65003" /* 65003 */,
815 "SERPENT_CBC" /* 65004 */,
816 "TWOFISH_CBC" /* 65005 */,
817 };
818
819 static const char *const oakley_enc_name_ssh[] = {
820 "TWOFISH_CBC_SSH",
821 };
822
823 enum_names oakley_enc_names_ssh =
824 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
825 , NULL };
826
827 enum_names oakley_enc_names_draft_aes_cbc_02 =
828 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
829 , &oakley_enc_names_ssh };
830
831 enum_names oakley_enc_names =
832 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
833 , &oakley_enc_names_draft_aes_cbc_02 };
834 #endif
835
836 /* Oakley Hash Algorithm attribute */
837
838 static const char *const oakley_hash_name[] = {
839 "HMAC_MD5",
840 "HMAC_SHA1",
841 "HMAC_TIGER",
842 "HMAC_SHA2_256",
843 "HMAC_SHA2_384",
844 "HMAC_SHA2_512",
845 };
846
847 enum_names oakley_hash_names =
848 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
849
850 /* Oakley Authentication Method attribute */
851
852 static const char *const oakley_auth_name1[] = {
853 "pre-shared key",
854 "DSS signature",
855 "RSA signature",
856 "RSA encryption",
857 "RSA encryption revised",
858 "ElGamal encryption",
859 "ELGamal encryption revised",
860 "ECDSA signature",
861 "ECDSA-256 signature",
862 "ECDSA-384 signature",
863 "ECDSA-521-signature",
864 };
865
866 static const char *const oakley_auth_name2[] = {
867 "HybridInitRSA",
868 "HybridRespRSA",
869 "HybridInitDSS",
870 "HybridRespDSS",
871 };
872
873 static const char *const oakley_auth_name3[] = {
874 "XAUTHInitPreShared",
875 "XAUTHRespPreShared",
876 "XAUTHInitDSS",
877 "XAUTHRespDSS",
878 "XAUTHInitRSA",
879 "XAUTHRespRSA",
880 "XAUTHInitRSAEncryption",
881 "XAUTHRespRSAEncryption",
882 "XAUTHInitRSARevisedEncryption",
883 "XAUTHRespRSARevisedEncryption",
884 };
885
886 static enum_names oakley_auth_names1 =
887 { OAKLEY_PRESHARED_KEY, OAKLEY_ECDSA_521
888 , oakley_auth_name1, NULL };
889
890 static enum_names oakley_auth_names2 =
891 { HybridInitRSA, HybridRespDSS
892 , oakley_auth_name2, &oakley_auth_names1 };
893
894 enum_names oakley_auth_names =
895 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
896 , oakley_auth_name3, &oakley_auth_names2 };
897
898 /* Oakley Group Description attribute */
899
900 static const char *const oakley_group_name[] = {
901 "MODP_768",
902 "MODP_1024",
903 "GP_155",
904 "GP_185",
905 "MODP_1536",
906 };
907
908 static const char *const oakley_group_name_rfc3526[] = {
909 "MODP_2048",
910 "MODP_3072",
911 "MODP_4096",
912 "MODP_6144",
913 "MODP_8192"
914 };
915
916 static const char *const oakley_group_name_rfc4753[] = {
917 "ECP_256",
918 "ECP_384",
919 "ECP_521"
920 };
921
922 static const char *const oakley_group_name_rfc5114[] = {
923 "MODP_1024_160",
924 "MODP_2048_224",
925 "MODP_2048_256",
926 "ECP_192",
927 "ECP_224"
928 };
929
930 enum_names oakley_group_names_rfc5114 =
931 { MODP_1024_160, ECP_224_BIT,
932 oakley_group_name_rfc5114, NULL };
933
934 enum_names oakley_group_names_rfc4753 =
935 { ECP_256_BIT, ECP_521_BIT,
936 oakley_group_name_rfc4753, &oakley_group_names_rfc5114 };
937
938 enum_names oakley_group_names_rfc3526 =
939 { MODP_2048_BIT, MODP_8192_BIT,
940 oakley_group_name_rfc3526, &oakley_group_names_rfc4753 };
941
942 enum_names oakley_group_names =
943 { MODP_768_BIT, MODP_1536_BIT,
944 oakley_group_name, &oakley_group_names_rfc3526 };
945
946 /* Oakley Group Type attribute */
947
948 static const char *const oakley_group_type_name[] = {
949 "OAKLEY_GROUP_TYPE_MODP",
950 "OAKLEY_GROUP_TYPE_ECP",
951 "OAKLEY_GROUP_TYPE_EC2N",
952 };
953
954 enum_names oakley_group_type_names =
955 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
956
957 /* Notify messages -- error types */
958
959 static const char *const notification_name[] = {
960 "INVALID_PAYLOAD_TYPE",
961 "DOI_NOT_SUPPORTED",
962 "SITUATION_NOT_SUPPORTED",
963 "INVALID_COOKIE",
964 "INVALID_MAJOR_VERSION",
965 "INVALID_MINOR_VERSION",
966 "INVALID_EXCHANGE_TYPE",
967 "INVALID_FLAGS",
968 "INVALID_MESSAGE_ID",
969 "INVALID_PROTOCOL_ID",
970 "INVALID_SPI",
971 "INVALID_TRANSFORM_ID",
972 "ATTRIBUTES_NOT_SUPPORTED",
973 "NO_PROPOSAL_CHOSEN",
974 "BAD_PROPOSAL_SYNTAX",
975 "PAYLOAD_MALFORMED",
976 "INVALID_KEY_INFORMATION",
977 "INVALID_ID_INFORMATION",
978 "INVALID_CERT_ENCODING",
979 "INVALID_CERTIFICATE",
980 "CERT_TYPE_UNSUPPORTED",
981 "INVALID_CERT_AUTHORITY",
982 "INVALID_HASH_INFORMATION",
983 "AUTHENTICATION_FAILED",
984 "INVALID_SIGNATURE",
985 "ADDRESS_NOTIFICATION",
986 "NOTIFY_SA_LIFETIME",
987 "CERTIFICATE_UNAVAILABLE",
988 "UNSUPPORTED_EXCHANGE_TYPE",
989 "UNEQUAL_PAYLOAD_LENGTHS",
990 };
991
992 static const char *const notification_status_name[] = {
993 "CONNECTED",
994 };
995
996 static const char *const ipsec_notification_name[] = {
997 "IPSEC_RESPONDER_LIFETIME",
998 "IPSEC_REPLAY_STATUS",
999 "IPSEC_INITIAL_CONTACT",
1000 };
1001
1002 static const char *const notification_dpd_name[] = {
1003 "R_U_THERE",
1004 "R_U_THERE_ACK",
1005 };
1006
1007 static const char *const notification_juniper_name[] = {
1008 "NS_NHTB_INFORM",
1009 };
1010
1011 enum_names notification_juniper_names =
1012 { NS_NHTB_INFORM, NS_NHTB_INFORM,
1013 notification_juniper_name, NULL };
1014
1015 enum_names notification_dpd_names =
1016 { R_U_THERE, R_U_THERE_ACK,
1017 notification_dpd_name, &notification_juniper_names };
1018
1019 enum_names ipsec_notification_names =
1020 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
1021 ipsec_notification_name, &notification_dpd_names };
1022
1023 enum_names notification_status_names =
1024 { ISAKMP_CONNECTED, ISAKMP_CONNECTED,
1025 notification_status_name, &ipsec_notification_names };
1026
1027 enum_names notification_names =
1028 { ISAKMP_INVALID_PAYLOAD_TYPE, ISAKMP_UNEQUAL_PAYLOAD_LENGTHS,
1029 notification_name, &notification_status_names };
1030
1031 /* MODECFG
1032 * From draft-dukes-ike-mode-cfg
1033 */
1034 const char *const attr_msg_type_name[] = {
1035 "ISAKMP_CFG_RESERVED",
1036 "ISAKMP_CFG_REQUEST",
1037 "ISAKMP_CFG_REPLY",
1038 "ISAKMP_CFG_SET",
1039 "ISAKMP_CFG_ACK",
1040 NULL
1041 };
1042
1043 enum_names attr_msg_type_names =
1044 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1045
1046 /* socket address family info */
1047
1048 static const char *const af_inet_name[] = {
1049 "AF_INET",
1050 };
1051
1052 static const char *const af_inet6_name[] = {
1053 "AF_INET6",
1054 };
1055
1056 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1057
1058 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1059
1060 static ip_address ipv4_any, ipv6_any;
1061 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1062 static ip_subnet ipv4_all, ipv6_all;
1063
1064 const struct af_info af_inet4_info = {
1065 AF_INET,
1066 "AF_INET",
1067 sizeof(struct in_addr),
1068 sizeof(struct sockaddr_in),
1069 32,
1070 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1071 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1072 };
1073
1074 const struct af_info af_inet6_info = {
1075 AF_INET6,
1076 "AF_INET6",
1077 sizeof(struct in6_addr),
1078 sizeof(struct sockaddr_in6),
1079 128,
1080 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1081 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1082 };
1083
1084 const struct af_info *
1085 aftoinfo(int af)
1086 {
1087 switch (af)
1088 {
1089 case AF_INET:
1090 return &af_inet4_info;
1091 case AF_INET6:
1092 return &af_inet6_info;
1093 default:
1094 return NULL;
1095 }
1096 }
1097
1098 bool subnetisnone(const ip_subnet *sn)
1099 {
1100 ip_address base;
1101
1102 networkof(sn, &base);
1103 return isanyaddr(&base) && subnetishost(sn);
1104 }
1105
1106 /* BIND enumerated types */
1107
1108 #include <arpa/nameser.h>
1109
1110 static const char *const rr_type_name[] = {
1111 "T_A", /* 1 host address */
1112 "T_NS", /* 2 authoritative server */
1113 "T_MD", /* 3 mail destination */
1114 "T_MF", /* 4 mail forwarder */
1115 "T_CNAME", /* 5 canonical name */
1116 "T_SOA", /* 6 start of authority zone */
1117 "T_MB", /* 7 mailbox domain name */
1118 "T_MG", /* 8 mail group member */
1119 "T_MR", /* 9 mail rename name */
1120 "T_NULL", /* 10 null resource record */
1121 "T_WKS", /* 11 well known service */
1122 "T_PTR", /* 12 domain name pointer */
1123 "T_HINFO", /* 13 host information */
1124 "T_MINFO", /* 14 mailbox information */
1125 "T_MX", /* 15 mail routing information */
1126 "T_TXT", /* 16 text strings */
1127 "T_RP", /* 17 responsible person */
1128 "T_AFSDB", /* 18 AFS cell database */
1129 "T_X25", /* 19 X_25 calling address */
1130 "T_ISDN", /* 20 ISDN calling address */
1131 "T_RT", /* 21 router */
1132 "T_NSAP", /* 22 NSAP address */
1133 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1134 "T_SIG", /* 24 security signature */
1135 "T_KEY", /* 25 security key */
1136 "T_PX", /* 26 X.400 mail mapping */
1137 "T_GPOS", /* 27 geographical position (withdrawn) */
1138 "T_AAAA", /* 28 IP6 Address */
1139 "T_LOC", /* 29 Location Information */
1140 "T_NXT", /* 30 Next Valid Name in Zone */
1141 "T_EID", /* 31 Endpoint identifier */
1142 "T_NIMLOC", /* 32 Nimrod locator */
1143 "T_SRV", /* 33 Server selection */
1144 "T_ATMA", /* 34 ATM Address */
1145 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1146 NULL
1147 };
1148
1149 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1150
1151 /* Query type values which do not appear in resource records */
1152 static const char *const rr_qtype_name[] = {
1153 "T_IXFR", /* 251 incremental zone transfer */
1154 "T_AXFR", /* 252 transfer zone of authority */
1155 "T_MAILB", /* 253 transfer mailbox records */
1156 "T_MAILA", /* 254 transfer mail agent records */
1157 "T_ANY", /* 255 wildcard match */
1158 NULL
1159 };
1160
1161 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1162
1163 static const char *const rr_class_name[] = {
1164 "C_IN", /* 1 the arpa internet */
1165 NULL
1166 };
1167
1168 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1169
1170 /*
1171 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1172 *
1173 */
1174 const char *const natt_type_bitnames[] = {
1175 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1176 "draft-ietf-ipsec-nat-t-ike-02/03",
1177 "RFC 3947",
1178 "3", /* 3 */
1179 "4", "5", "6", "7",
1180 "8", "9", "10", "11",
1181 "12", "13", "14", "15",
1182 "16", "17", "18", "19",
1183 "20", "21", "22", "23",
1184 "24", "25", "26", "27",
1185 "28", "29",
1186 "nat is behind me",
1187 "nat is behind peer"
1188 };
1189
1190 /* look up enum names in an enum_names */
1191
1192 const char* enum_name(enum_names *ed, unsigned long val)
1193 {
1194 enum_names *p;
1195
1196 for (p = ed; p != NULL; p = p->en_next_range)
1197 {
1198 if (p->en_first <= val && val <= p->en_last)
1199 return p->en_names[val - p->en_first];
1200 }
1201 return NULL;
1202 }
1203
1204 /* find or construct a string to describe an enum value
1205 * Result may be in STATIC buffer!
1206 */
1207 const char *
1208 enum_show(enum_names *ed, unsigned long val)
1209 {
1210 const char *p = enum_name(ed, val);
1211
1212 if (p == NULL)
1213 {
1214 static char buf[12]; /* only one! I hope that it is big enough */
1215
1216 snprintf(buf, sizeof(buf), "%lu??", val);
1217 p = buf;
1218 }
1219 return p;
1220 }
1221
1222
1223 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1224
1225 int
1226 enum_search(enum_names *ed, const char *str)
1227 {
1228 enum_names *p;
1229 const char *ptr;
1230 unsigned en;
1231
1232 for (p = ed; p != NULL; p = p->en_next_range)
1233 {
1234 for (en = p->en_first; en <= p->en_last ;en++)
1235 {
1236 ptr = p->en_names[en - p->en_first];
1237 if (ptr == 0)
1238 {
1239 continue;
1240 }
1241 if (streq(ptr, str))
1242 {
1243 return en;
1244 }
1245 }
1246 }
1247 return -1;
1248 }
1249
1250 /* construct a string to name the bits on in a set
1251 * Result may be in STATIC buffer!
1252 * Note: prettypolicy depends on internal details.
1253 */
1254 const char* bitnamesof(const char *const table[], lset_t val)
1255 {
1256 char *p = bitnamesbuf;
1257 lset_t bit;
1258 const char *const *tp;
1259
1260 if (val == 0)
1261 return "none";
1262
1263 for (tp = table, bit = 01; val != 0; bit <<= 1)
1264 {
1265 if (val & bit)
1266 {
1267 const char *n = *tp;
1268 size_t nl;
1269
1270 if (n == NULL || *n == '\0')
1271 {
1272 /* no name for this bit, so use hex */
1273 static char flagbuf[sizeof("0x80000000")];
1274
1275 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1276 n = flagbuf;
1277 }
1278
1279 nl = strlen(n);
1280
1281 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1282 *p++ = '+';
1283
1284 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1285 {
1286 strcpy(p, n);
1287 p += nl;
1288 }
1289 val -= bit;
1290 }
1291 if (*tp != NULL)
1292 tp++; /* move on, but not past end */
1293 }
1294 *p = '\0';
1295 return bitnamesbuf;
1296 }
1297
1298 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1299 * Suppress the shunt and fail fields if 0.
1300 */
1301 const char* prettypolicy(lset_t policy)
1302 {
1303 const char *bn = bitnamesof(sa_policy_bit_names
1304 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1305 size_t len;
1306 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1307 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1308
1309 if (bn != bitnamesbuf)
1310 bitnamesbuf[0] = '\0';
1311 len = strlen(bitnamesbuf);
1312 if (shunt != 0)
1313 {
1314 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1315 , policy_shunt_names[shunt]);
1316 len += strlen(bitnamesbuf + len);
1317 }
1318 if (fail != 0)
1319 {
1320 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1321 , policy_fail_names[fail]);
1322 len += strlen(bitnamesbuf + len);
1323 }
1324 if (NEVER_NEGOTIATE(policy))
1325 {
1326 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1327 len += strlen(bitnamesbuf + len);
1328 }
1329 return bitnamesbuf;
1330 }
1331
1332 /* test a set by seeing if all bits have names */
1333
1334 bool testset(const char *const table[], lset_t val)
1335 {
1336 lset_t bit;
1337 const char *const *tp;
1338
1339 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1340 {
1341 const char *n = *tp;
1342
1343 if (n == NULL || ((val & bit) && *n == '\0'))
1344 return FALSE;
1345 val &= ~bit;
1346 }
1347 return TRUE;
1348 }
1349
1350
1351 const char sparse_end[] = "end of sparse names";
1352
1353 /* look up enum names in a sparse_names */
1354 const char *sparse_name(sparse_names sd, unsigned long val)
1355 {
1356 const struct sparse_name *p;
1357
1358 for (p = sd; p->name != sparse_end; p++)
1359 if (p->val == val)
1360 return p->name;
1361 return NULL;
1362 }
1363
1364 /* find or construct a string to describe an sparse value
1365 * Result may be in STATIC buffer!
1366 */
1367 const char* sparse_val_show(sparse_names sd, unsigned long val)
1368 {
1369 const char *p = sparse_name(sd, val);
1370
1371 if (p == NULL)
1372 {
1373 static char buf[12]; /* only one! I hope that it is big enough */
1374
1375 snprintf(buf, sizeof(buf), "%lu??", val);
1376 p = buf;
1377 }
1378 return p;
1379 }
1380
1381 void init_constants(void)
1382 {
1383 happy(anyaddr(AF_INET, &ipv4_any));
1384 happy(anyaddr(AF_INET6, &ipv6_any));
1385
1386 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1387 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1388
1389 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1390 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1391 }
1392
1393 u_char secret_of_the_day[HASH_SIZE_SHA1];
1394
1395