updated list of ESP and AH algorithms
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id$
15 */
16
17 /*
18 * Note that the array sizes are all specified; this is to enable range
19 * checking by code that only includes constants.h.
20 */
21
22 #include <stddef.h>
23 #include <string.h>
24 #include <stdio.h>
25 #include <netinet/in.h>
26
27 #include <freeswan.h>
28 #include <ipsec_policy.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef LIBCURL
42 " LIBCURL"
43 #endif
44 #ifdef LIBLDAP
45 " LIBLDAP"
46 #endif
47 #ifdef SMARTCARD
48 " SMARTCARD"
49 #endif
50 #ifdef VENDORID
51 " VENDORID"
52 #endif
53 #ifdef CISCO_QUIRKS
54 " CISCO_QUIRKS"
55 #endif
56 #ifdef USE_KEYRR
57 " KEYRR"
58 #endif
59 ;
60
61 /* version */
62
63 static const char *const version_name[] = {
64 "ISAKMP Version 1.0",
65 };
66
67 enum_names version_names =
68 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
69 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
70 version_name, NULL };
71
72 /* RFC 2459 CRL reason codes */
73
74 static const char *const crl_reason_name[] = {
75 "unspecified",
76 "key compromise",
77 "ca compromise",
78 "affiliation changed",
79 "superseded",
80 "cessation of operation",
81 "certificate hold",
82 "reason #7",
83 "remove from crl"
84 };
85
86 enum_names crl_reason_names =
87 { REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL, crl_reason_name, NULL};
88
89 /* RFC 3706 Dead Peer Detection */
90
91 static const char *const dpd_action_name[] = {
92 "none",
93 "clear",
94 "hold",
95 "restart"
96 };
97
98 enum_names dpd_action_names =
99 { DPD_ACTION_NONE, DPD_ACTION_RESTART, dpd_action_name, NULL};
100
101 /* Timer events */
102
103 static const char *const timer_event_name[] = {
104 "EVENT_NULL",
105 "EVENT_REINIT_SECRET",
106 "EVENT_SHUNT_SCAN",
107 "EVENT_SO_DISCARD",
108 "EVENT_RETRANSMIT",
109 "EVENT_SA_REPLACE",
110 "EVENT_SA_REPLACE_IF_USED",
111 "EVENT_SA_EXPIRE",
112 "EVENT_NAT_T_KEEPALIVE",
113 "EVENT_DPD",
114 "EVENT_DPD_TIMEOUT",
115 "EVENT_LOG_DAILY"
116 };
117
118 enum_names timer_event_names =
119 { EVENT_NULL, EVENT_LOG_DAILY, timer_event_name, NULL };
120
121 /* Domain of Interpretation */
122
123 static const char *const doi_name[] = {
124 "ISAKMP_DOI_ISAKMP",
125 "ISAKMP_DOI_IPSEC",
126 };
127
128 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
129
130 /* debugging settings: a set of selections for reporting
131 * These would be more naturally situated in log.h,
132 * but they are shared with whack.
133 * It turns out that "debug-" is clutter in all contexts this is used,
134 * so we leave it off.
135 */
136 #ifdef DEBUG
137 const char *const debug_bit_names[] = {
138 "raw",
139 "crypt",
140 "parsing",
141 "emitting",
142 "control",
143 "lifecycle",
144 "klips",
145 "dns",
146 "natt",
147 "oppo",
148 "controlmore",
149
150 "private",
151
152 "impair-delay-adns-key-answer",
153 "impair-delay-adns-txt-answer",
154 "impair-bust-mi2",
155 "impair-bust-mr2",
156
157 NULL
158 };
159 #endif
160
161 /* State of exchanges */
162
163 static const char *const state_name[] = {
164 "STATE_MAIN_R0",
165 "STATE_MAIN_I1",
166 "STATE_MAIN_R1",
167 "STATE_MAIN_I2",
168 "STATE_MAIN_R2",
169 "STATE_MAIN_I3",
170 "STATE_MAIN_R3",
171 "STATE_MAIN_I4",
172
173 "STATE_QUICK_R0",
174 "STATE_QUICK_I1",
175 "STATE_QUICK_R1",
176 "STATE_QUICK_I2",
177 "STATE_QUICK_R2",
178
179 "STATE_INFO",
180 "STATE_INFO_PROTECTED",
181
182 "STATE_XAUTH_I0",
183 "STATE_XAUTH_R1",
184 "STATE_XAUTH_I1",
185 "STATE_XAUTH_R2",
186 "STATE_XAUTH_I2",
187 "STATE_XAUTH_R3",
188
189 "STATE_MODE_CFG_R0",
190 "STATE_MODE_CFG_I1",
191 "STATE_MODE_CFG_R1",
192 "STATE_MODE_CFG_I2",
193
194 "STATE_MODE_CFG_I0",
195 "STATE_MODE_CFG_R3",
196 "STATE_MODE_CFG_I3",
197 "STATE_MODE_CFG_R4",
198
199 "STATE_IKE_ROOF"
200 };
201
202 enum_names state_names =
203 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
204
205 /* story for state */
206
207 const char *const state_story[] = {
208 "expecting MI1", /* STATE_MAIN_R0 */
209 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
210 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
211 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
212 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
213 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
214 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
215 "ISAKMP SA established", /* STATE_MAIN_I4 */
216
217 "expecting QI1", /* STATE_QUICK_R0 */
218 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
219 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
220 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
221 "IPsec SA established", /* STATE_QUICK_R2 */
222
223 "got Informational Message in clear", /* STATE_INFO */
224 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
225
226 "expecting XAUTH request", /* STATE_XAUTH_I0 */
227 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
228 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
229 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
230 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
231 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
232
233 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
234 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
235 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
236 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
237
238 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
239 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
240 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
241 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
242 };
243
244 /* kind of struct connection */
245
246 static const char *const connection_kind_name[] = {
247 "CK_GROUP", /* policy group: instantiates to template */
248 "CK_TEMPLATE", /* abstract connection, with wildcard */
249 "CK_PERMANENT", /* normal connection */
250 "CK_INSTANCE", /* instance of template, created for a particular attempt */
251 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
252 };
253
254 enum_names connection_kind_names =
255 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
256
257 /* routing status names */
258
259 static const char *const routing_story_strings[] = {
260 "unrouted", /* RT_UNROUTED: unrouted */
261 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
262 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
263 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
264 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
265 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
266 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
267 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
268 };
269
270 enum_names routing_story =
271 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
272
273 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
274
275 const char *const payload_name[] = {
276 "ISAKMP_NEXT_NONE",
277 "ISAKMP_NEXT_SA",
278 "ISAKMP_NEXT_P",
279 "ISAKMP_NEXT_T",
280 "ISAKMP_NEXT_KE",
281 "ISAKMP_NEXT_ID",
282 "ISAKMP_NEXT_CERT",
283 "ISAKMP_NEXT_CR",
284 "ISAKMP_NEXT_HASH",
285 "ISAKMP_NEXT_SIG",
286 "ISAKMP_NEXT_NONCE",
287 "ISAKMP_NEXT_N",
288 "ISAKMP_NEXT_D",
289 "ISAKMP_NEXT_VID",
290 "ISAKMP_NEXT_MODECFG",
291 "ISAKMP_NEXT_15",
292 "ISAKMP_NEXT_16",
293 "ISAKMP_NEXT_17",
294 "ISAKMP_NEXT_18",
295 "ISAKMP_NEXT_19",
296 "ISAKMP_NEXT_NAT-D",
297 "ISAKMP_NEXT_NAT-OA",
298 NULL
299 };
300
301 const char *const payload_name_nat_d[] = { "ISAKMP_NEXT_NAT-D",
302 "ISAKMP_NEXT_NAT-OA", NULL };
303
304 static enum_names payload_names_nat_d =
305 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
306
307 enum_names payload_names =
308 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
309
310 /* Exchange types (note: two discontinuous ranges) */
311
312 static const char *const exchange_name[] = {
313 "ISAKMP_XCHG_NONE",
314 "ISAKMP_XCHG_BASE",
315 "ISAKMP_XCHG_IDPROT",
316 "ISAKMP_XCHG_AO",
317 "ISAKMP_XCHG_AGGR",
318 "ISAKMP_XCHG_INFO",
319 "ISAKMP_XCHG_MODE_CFG",
320 };
321
322 static const char *const exchange_name2[] = {
323 "ISAKMP_XCHG_QUICK",
324 "ISAKMP_XCHG_NGRP",
325 "ISAKMP_XCHG_ACK_INFO",
326 };
327
328 static enum_names exchange_desc2 =
329 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
330
331 enum_names exchange_names =
332 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
333
334 /* Flag BITS */
335 const char *const flag_bit_names[] = {
336 "ISAKMP_FLAG_ENCRYPTION",
337 "ISAKMP_FLAG_COMMIT",
338 NULL
339 };
340
341 /* Situation BITS definition for IPsec DOI */
342
343 const char *const sit_bit_names[] = {
344 "SIT_IDENTITY_ONLY",
345 "SIT_SECRECY",
346 "SIT_INTEGRITY",
347 NULL
348 };
349
350 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
351
352 static const char *const protocol_name[] = {
353 "PROTO_ISAKMP",
354 "PROTO_IPSEC_AH",
355 "PROTO_IPSEC_ESP",
356 "PROTO_IPCOMP",
357 };
358
359 enum_names protocol_names =
360 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
361
362 /* IPsec ISAKMP transform values */
363
364 static const char *const isakmp_transform_name[] = {
365 "KEY_IKE",
366 };
367
368 enum_names isakmp_transformid_names =
369 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
370
371 /* IPsec AH transform values */
372
373 static const char *const ah_transform_name[] = {
374 "AH_MD5",
375 "AH_SHA",
376 "AH_DES",
377 "AH_SHA2_256",
378 "AH_SHA2_384",
379 "AH_SHA2_512",
380 "AH_RIPEMD",
381 "AH_AES_XCBC_MAC",
382 "AH_RSA"
383 };
384
385 enum_names ah_transformid_names =
386 { AH_MD5, AH_RSA, ah_transform_name, NULL };
387
388 /* IPsec ESP transform values */
389
390 static const char *const esp_transform_name[] = {
391 "ESP_DES_IV64",
392 "ESP_DES",
393 "ESP_3DES",
394 "ESP_RC5",
395 "ESP_IDEA",
396 "ESP_CAST",
397 "ESP_BLOWFISH",
398 "ESP_3IDEA",
399 "ESP_DES_IV32",
400 "ESP_RC4",
401 "ESP_NULL",
402 "ESP_AES",
403 "ESP_AES-CTR",
404 "ESP_AES-CCM_8",
405 "ESP_AES-CCM_12",
406 "ESP_AES-CCM_16",
407 "ESP_UNASSIGNED_17",
408 "ESP_AES_GCM_8",
409 "ESP_AES_GCM_12",
410 "ESP_AES_GCM_16",
411 "ESP_SEED_CBC",
412 "ESP_CAMELLIA"
413 };
414
415 /*
416 * ipsec drafts suggest "high" ESP ids values for testing,
417 * assign generic ESP_ID<num> if not officially defined
418 */
419 static const char *const esp_transform_name_high[] = {
420 "ESP_SERPENT",
421 "ESP_TWOFISH"
422 };
423
424 enum_names esp_transformid_names_high =
425 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
426
427 enum_names esp_transformid_names =
428 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
429
430 /* IPCOMP transform values */
431
432 static const char *const ipcomp_transform_name[] = {
433 "IPCOMP_OUI",
434 "IPCOMP_DEFLAT",
435 "IPCOMP_LZS",
436 "IPCOMP_LZJH",
437 };
438
439 enum_names ipcomp_transformid_names =
440 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
441
442 /* Identification type values */
443
444 static const char *const ident_name[] = {
445 "ID_IPV4_ADDR",
446 "ID_FQDN",
447 "ID_USER_FQDN",
448 "ID_IPV4_ADDR_SUBNET",
449 "ID_IPV6_ADDR",
450 "ID_IPV6_ADDR_SUBNET",
451 "ID_IPV4_ADDR_RANGE",
452 "ID_IPV6_ADDR_RANGE",
453 "ID_DER_ASN1_DN",
454 "ID_DER_ASN1_GN",
455 "ID_KEY_ID",
456 };
457
458 enum_names ident_names =
459 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
460
461 /* Certificate type values */
462
463 static const char *const cert_type_name[] = {
464 "CERT_NONE",
465 "CERT_PKCS7_WRAPPED_X509",
466 "CERT_PGP",
467 "CERT_DNS_SIGNED_KEY",
468 "CERT_X509_SIGNATURE",
469 "CERT_X509_KEY_EXCHANGE",
470 "CERT_KERBEROS_TOKENS",
471 "CERT_CRL",
472 "CERT_ARL",
473 "CERT_SPKI",
474 "CERT_X509_ATTRIBUTE",
475 };
476
477 enum_names cert_type_names =
478 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
479
480 /* Certificate policy names */
481
482 static const char *const cert_policy_name[] = {
483 "ALWAYS_SEND",
484 "SEND_IF_ASKED",
485 "NEVER_SEND",
486 };
487
488 enum_names cert_policy_names =
489 { CERT_ALWAYS_SEND, CERT_NEVER_SEND, cert_policy_name, NULL };
490
491 /* Goal BITs for establishing an SA
492 * Note: we drop the POLICY_ prefix so that logs are more concise.
493 */
494
495 const char *const sa_policy_bit_names[] = {
496 "PSK",
497 "RSASIG",
498 "ENCRYPT",
499 "AUTHENTICATE",
500 "COMPRESS",
501 "TUNNEL",
502 "PFS",
503 "DISABLEARRIVALCHECK",
504 "SHUNT0",
505 "SHUNT1",
506 "FAILSHUNT0",
507 "FAILSHUNT1",
508 "DONTREKEY",
509 "OPPORTUNISTIC",
510 "GROUP",
511 "GROUTED",
512 "UP",
513 "MODECFGPUSH",
514 "XAUTHPSK",
515 "XAUTHRSASIG",
516 "XAUTHSERVER",
517 "DONTREAUTH",
518 "BEET",
519 "MOBIKE",
520 NULL
521 };
522
523 const char *const policy_shunt_names[4] = {
524 "TRAP",
525 "PASS",
526 "DROP",
527 "REJECT",
528 };
529
530 const char *const policy_fail_names[4] = {
531 "NONE",
532 "PASS",
533 "DROP",
534 "REJECT",
535 };
536
537 /* Oakley transform attributes
538 * oakley_attr_bit_names does double duty: it is used for enum names
539 * and bit names.
540 */
541
542 const char *const oakley_attr_bit_names[] = {
543 "OAKLEY_ENCRYPTION_ALGORITHM",
544 "OAKLEY_HASH_ALGORITHM",
545 "OAKLEY_AUTHENTICATION_METHOD",
546 "OAKLEY_GROUP_DESCRIPTION",
547 "OAKLEY_GROUP_TYPE",
548 "OAKLEY_GROUP_PRIME",
549 "OAKLEY_GROUP_GENERATOR_ONE",
550 "OAKLEY_GROUP_GENERATOR_TWO",
551 "OAKLEY_GROUP_CURVE_A",
552 "OAKLEY_GROUP_CURVE_B",
553 "OAKLEY_LIFE_TYPE",
554 "OAKLEY_LIFE_DURATION",
555 "OAKLEY_PRF",
556 "OAKLEY_KEY_LENGTH",
557 "OAKLEY_FIELD_SIZE",
558 "OAKLEY_GROUP_ORDER",
559 "OAKLEY_BLOCK_SIZE",
560 NULL
561 };
562
563 static const char *const oakley_var_attr_name[] = {
564 "OAKLEY_GROUP_PRIME (variable length)",
565 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
566 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
567 "OAKLEY_GROUP_CURVE_A (variable length)",
568 "OAKLEY_GROUP_CURVE_B (variable length)",
569 NULL,
570 "OAKLEY_LIFE_DURATION (variable length)",
571 NULL,
572 NULL,
573 NULL,
574 "OAKLEY_GROUP_ORDER (variable length)",
575 };
576
577 static enum_names oakley_attr_desc_tv = {
578 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
579 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
580
581 enum_names oakley_attr_names = {
582 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
583 oakley_var_attr_name, &oakley_attr_desc_tv };
584
585 /* for each Oakley attribute, which enum_names describes its values? */
586 enum_names *oakley_attr_val_descs[] = {
587 NULL, /* (none) */
588 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
589 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
590 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
591 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
592 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
593 NULL, /* OAKLEY_GROUP_PRIME */
594 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
595 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
596 NULL, /* OAKLEY_GROUP_CURVE_A */
597 NULL, /* OAKLEY_GROUP_CURVE_B */
598 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
599 NULL, /* OAKLEY_LIFE_DURATION */
600 &oakley_prf_names, /* OAKLEY_PRF */
601 NULL, /* OAKLEY_KEY_LENGTH */
602 NULL, /* OAKLEY_FIELD_SIZE */
603 NULL, /* OAKLEY_GROUP_ORDER */
604 };
605
606 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
607
608 static const char *const ipsec_attr_name[] = {
609 "SA_LIFE_TYPE",
610 "SA_LIFE_DURATION",
611 "GROUP_DESCRIPTION",
612 "ENCAPSULATION_MODE",
613 "AUTH_ALGORITHM",
614 "KEY_LENGTH",
615 "KEY_ROUNDS",
616 "COMPRESS_DICT_SIZE",
617 "COMPRESS_PRIVATE_ALG",
618 };
619
620 static const char *const ipsec_var_attr_name[] = {
621 "SA_LIFE_DURATION (variable length)",
622 NULL,
623 NULL,
624 NULL,
625 NULL,
626 NULL,
627 NULL,
628 "COMPRESS_PRIVATE_ALG (variable length)",
629 };
630
631 static enum_names ipsec_attr_desc_tv = {
632 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
633 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
634 ipsec_attr_name, NULL };
635
636 enum_names ipsec_attr_names = {
637 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
638 ipsec_var_attr_name, &ipsec_attr_desc_tv };
639
640 /* for each IPsec attribute, which enum_names describes its values? */
641 enum_names *ipsec_attr_val_descs[] = {
642 NULL, /* (none) */
643 &sa_lifetime_names, /* SA_LIFE_TYPE */
644 NULL, /* SA_LIFE_DURATION */
645 &oakley_group_names, /* GROUP_DESCRIPTION */
646 &enc_mode_names, /* ENCAPSULATION_MODE */
647 &auth_alg_names, /* AUTH_ALGORITHM */
648 NULL, /* KEY_LENGTH */
649 NULL, /* KEY_ROUNDS */
650 NULL, /* COMPRESS_DICT_SIZE */
651 NULL, /* COMPRESS_PRIVATE_ALG */
652 };
653
654 /* SA Lifetime Type attribute */
655
656 static const char *const sa_lifetime_name[] = {
657 "SA_LIFE_TYPE_SECONDS",
658 "SA_LIFE_TYPE_KBYTES",
659 };
660
661 enum_names sa_lifetime_names =
662 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
663
664 /* Encapsulation Mode attribute */
665
666 static const char *const enc_mode_name[] = {
667 "ENCAPSULATION_MODE_TUNNEL",
668 "ENCAPSULATION_MODE_TRANSPORT",
669 "ENCAPSULATION_MODE_UDP_TUNNEL",
670 "ENCAPSULATION_MODE_UDP_TRANSPORT",
671 };
672
673 static const char *const enc_udp_mode_name[] = {
674 "ENCAPSULATION_MODE_UDP_TUNNEL",
675 "ENCAPSULATION_MODE_UDP_TRANSPORT",
676 };
677
678 static enum_names enc_udp_mode_names =
679 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
680
681 enum_names enc_mode_names =
682 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
683
684 /* Auth Algorithm attribute */
685
686 static const char *const auth_alg_name[] = {
687 "AUTH_ALGORITHM_HMAC_MD5",
688 "AUTH_ALGORITHM_HMAC_SHA1",
689 "AUTH_ALGORITHM_DES_MAC",
690 "AUTH_ALGORITHM_KPDK",
691 "AUTH_ALGORITHM_HMAC_SHA2_256",
692 "AUTH_ALGORITHM_HMAC_SHA2_384",
693 "AUTH_ALGORITHM_HMAC_SHA2_512",
694 "AUTH_ALGORITHM_HMAC_RIPEMD",
695 "AUTH_ALGORITHM_AES_XCBC_MAC",
696 "AUTH_ALGORITHM_SIG_RSA"
697 };
698
699 static const char *const extended_auth_alg_name[] = {
700 "AUTH_ALGORITHM_NULL"
701 };
702
703 enum_names extended_auth_alg_names =
704 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
705
706 enum_names auth_alg_names =
707 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
708 , &extended_auth_alg_names };
709
710 /* From draft-beaulieu-ike-xauth */
711 static const char *const xauth_type_name[] = {
712 "Generic",
713 "RADIUS-CHAP",
714 "OTP",
715 "S/KEY",
716 };
717
718 enum_names xauth_type_names =
719 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
720
721 /* From draft-beaulieu-ike-xauth */
722 static const char *const xauth_attr_tv_name[] = {
723 "XAUTH_TYPE",
724 NULL,
725 NULL,
726 NULL,
727 NULL,
728 NULL,
729 NULL,
730 "XAUTH_STATUS",
731 };
732
733 enum_names xauth_attr_tv_names = {
734 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
735 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
736
737 static const char *const unity_attr_name[] = {
738 "UNITY_BANNER",
739 "UNITY_SAVE_PASSWD",
740 "UNITY_DEF_DOMAIN",
741 "UNITY_SPLITDNS_NAME",
742 "UNITY_SPLIT_INCLUDE",
743 "UNITY_NATT_PORT",
744 "UNITY_LOCAL_LAN",
745 "UNITY_PFS",
746 "UNITY_FW_TYPE",
747 "UNITY_BACKUP_SERVERS",
748 "UNITY_DDNS_HOSTNAME",
749 };
750
751 enum_names unity_attr_names =
752 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
753
754
755 static const char *const xauth_attr_name[] = {
756 "XAUTH_USER_NAME",
757 "XAUTH_USER_PASSWORD",
758 "XAUTH_PASSCODE",
759 "XAUTH_MESSAGE",
760 "XAUTH_CHALLENGE",
761 "XAUTH_DOMAIN",
762 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
763 "XAUTH_NEXT_PIN",
764 "XAUTH_ANSWER",
765 };
766
767 enum_names xauth_attr_names =
768 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &unity_attr_names };
769
770 static const char *const modecfg_attr_name[] = {
771 "INTERNAL_IP4_ADDRESS",
772 "INTERNAL_IP4_NETMASK",
773 "INTERNAL_IP4_DNS",
774 "INTERNAL_IP4_NBNS",
775 "INTERNAL_ADDRESS_EXPIRY",
776 "INTERNAL_IP4_DHCP",
777 "APPLICATION_VERSION",
778 "INTERNAL_IP6_ADDRESS",
779 "INTERNAL_IP6_NETMASK",
780 "INTERNAL_IP6_DNS",
781 "INTERNAL_IP6_NBNS",
782 "INTERNAL_IP6_DHCP",
783 "INTERNAL_IP4_SUBNET",
784 "SUPPORTED_ATTRIBUTES",
785 "INTERNAL_IP6_SUBNET",
786 };
787
788 enum_names modecfg_attr_names =
789 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
790
791 /* Oakley Lifetime Type attribute */
792
793 static const char *const oakley_lifetime_name[] = {
794 "OAKLEY_LIFE_SECONDS",
795 "OAKLEY_LIFE_KILOBYTES",
796 };
797
798 enum_names oakley_lifetime_names =
799 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
800
801 /* Oakley PRF attribute (none defined) */
802
803 enum_names oakley_prf_names =
804 { 1, 0, NULL, NULL };
805
806 /* Oakley Encryption Algorithm attribute */
807
808 static const char *const oakley_enc_name[] = {
809 "OAKLEY_DES_CBC",
810 "OAKLEY_IDEA_CBC",
811 "OAKLEY_BLOWFISH_CBC",
812 "OAKLEY_RC5_R16_B64_CBC",
813 "OAKLEY_3DES_CBC",
814 "OAKLEY_CAST_CBC",
815 "OAKLEY_AES_CBC",
816 };
817
818 #ifdef NO_EXTRA_IKE
819 enum_names oakley_enc_names =
820 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name, NULL };
821 #else
822 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
823 "OAKLEY_MARS_CBC" /* 65001 */,
824 "OAKLEY_RC6_CBC" /* 65002 */,
825 "OAKLEY_ID_65003" /* 65003 */,
826 "OAKLEY_SERPENT_CBC" /* 65004 */,
827 "OAKLEY_TWOFISH_CBC" /* 65005 */,
828 };
829 static const char *const oakley_enc_name_ssh[] = {
830 "OAKLEY_TWOFISH_CBC_SSH",
831 };
832 enum_names oakley_enc_names_ssh =
833 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
834 , NULL };
835
836 enum_names oakley_enc_names_draft_aes_cbc_02 =
837 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
838 , &oakley_enc_names_ssh };
839
840 enum_names oakley_enc_names =
841 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name
842 , &oakley_enc_names_draft_aes_cbc_02 };
843 #endif
844
845 /* Oakley Hash Algorithm attribute */
846
847 static const char *const oakley_hash_name[] = {
848 "OAKLEY_MD5",
849 "OAKLEY_SHA",
850 "OAKLEY_TIGER",
851 "OAKLEY_SHA2_256",
852 "OAKLEY_SHA2_384",
853 "OAKLEY_SHA2_512",
854 };
855
856 enum_names oakley_hash_names =
857 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
858
859 /* Oakley Authentication Method attribute */
860
861 static const char *const oakley_auth_name1[] = {
862 "OAKLEY_PRESHARED_KEY",
863 "OAKLEY_DSS_SIG",
864 "OAKLEY_RSA_SIG",
865 "OAKLEY_RSA_ENC",
866 "OAKLEY_RSA_ENC_REV",
867 "OAKLEY_ELGAMAL_ENC",
868 "OAKLEY_ELGAMAL_ENC_REV",
869 };
870
871 static const char *const oakley_auth_name2[] = {
872 "HybridInitRSA",
873 "HybridRespRSA",
874 "HybridInitDSS",
875 "HybridRespDSS",
876 };
877
878 static const char *const oakley_auth_name3[] = {
879 "XAUTHInitPreShared",
880 "XAUTHRespPreShared",
881 "XAUTHInitDSS",
882 "XAUTHRespDSS",
883 "XAUTHInitRSA",
884 "XAUTHRespRSA",
885 "XAUTHInitRSAEncryption",
886 "XAUTHRespRSAEncryption",
887 "XAUTHInitRSARevisedEncryption",
888 "XAUTHRespRSARevisedEncryption",
889 };
890
891 static enum_names oakley_auth_names1 =
892 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
893 , oakley_auth_name1, NULL };
894
895 static enum_names oakley_auth_names2 =
896 { HybridInitRSA, HybridRespDSS
897 , oakley_auth_name2, &oakley_auth_names1 };
898
899 enum_names oakley_auth_names =
900 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
901 , oakley_auth_name3, &oakley_auth_names2 };
902
903 /* Oakley Group Description attribute */
904
905 static const char *const oakley_group_name[] = {
906 "OAKLEY_GROUP_MODP768",
907 "OAKLEY_GROUP_MODP1024",
908 "OAKLEY_GROUP_GP155",
909 "OAKLEY_GROUP_GP185",
910 "OAKLEY_GROUP_MODP1536",
911 };
912
913 static const char *const oakley_group_name_rfc3526[] = {
914 "OAKLEY_GROUP_MODP2048",
915 "OAKLEY_GROUP_MODP3072",
916 "OAKLEY_GROUP_MODP4096",
917 "OAKLEY_GROUP_MODP6144",
918 "OAKLEY_GROUP_MODP8192"
919 };
920 enum_names oakley_group_names_rfc3526 =
921 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
922 oakley_group_name_rfc3526, NULL };
923
924 enum_names oakley_group_names =
925 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
926 oakley_group_name, &oakley_group_names_rfc3526 };
927
928 /* Oakley Group Type attribute */
929
930 static const char *const oakley_group_type_name[] = {
931 "OAKLEY_GROUP_TYPE_MODP",
932 "OAKLEY_GROUP_TYPE_ECP",
933 "OAKLEY_GROUP_TYPE_EC2N",
934 };
935
936 enum_names oakley_group_type_names =
937 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
938
939 /* Notify messages -- error types */
940
941 static const char *const notification_name[] = {
942 "INVALID_PAYLOAD_TYPE",
943 "DOI_NOT_SUPPORTED",
944 "SITUATION_NOT_SUPPORTED",
945 "INVALID_COOKIE",
946 "INVALID_MAJOR_VERSION",
947 "INVALID_MINOR_VERSION",
948 "INVALID_EXCHANGE_TYPE",
949 "INVALID_FLAGS",
950 "INVALID_MESSAGE_ID",
951 "INVALID_PROTOCOL_ID",
952 "INVALID_SPI",
953 "INVALID_TRANSFORM_ID",
954 "ATTRIBUTES_NOT_SUPPORTED",
955 "NO_PROPOSAL_CHOSEN",
956 "BAD_PROPOSAL_SYNTAX",
957 "PAYLOAD_MALFORMED",
958 "INVALID_KEY_INFORMATION",
959 "INVALID_ID_INFORMATION",
960 "INVALID_CERT_ENCODING",
961 "INVALID_CERTIFICATE",
962 "CERT_TYPE_UNSUPPORTED",
963 "INVALID_CERT_AUTHORITY",
964 "INVALID_HASH_INFORMATION",
965 "AUTHENTICATION_FAILED",
966 "INVALID_SIGNATURE",
967 "ADDRESS_NOTIFICATION",
968 "NOTIFY_SA_LIFETIME",
969 "CERTIFICATE_UNAVAILABLE",
970 "UNSUPPORTED_EXCHANGE_TYPE",
971 "UNEQUAL_PAYLOAD_LENGTHS",
972 };
973
974 static const char *const notification_status_name[] = {
975 "CONNECTED",
976 };
977
978 static const char *const ipsec_notification_name[] = {
979 "IPSEC_RESPONDER_LIFETIME",
980 "IPSEC_REPLAY_STATUS",
981 "IPSEC_INITIAL_CONTACT",
982 };
983
984 static const char *const notification_dpd_name[] = {
985 "R_U_THERE",
986 "R_U_THERE_ACK",
987 };
988
989 enum_names notification_dpd_names =
990 { R_U_THERE, R_U_THERE_ACK,
991 notification_dpd_name, NULL };
992
993 enum_names ipsec_notification_names =
994 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
995 ipsec_notification_name, &notification_dpd_names };
996
997 enum_names notification_status_names =
998 { CONNECTED, CONNECTED,
999 notification_status_name, &ipsec_notification_names };
1000
1001 enum_names notification_names =
1002 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
1003 notification_name, &notification_status_names };
1004
1005 /* MODECFG
1006 * From draft-dukes-ike-mode-cfg
1007 */
1008 const char *const attr_msg_type_name[] = {
1009 "ISAKMP_CFG_RESERVED",
1010 "ISAKMP_CFG_REQUEST",
1011 "ISAKMP_CFG_REPLY",
1012 "ISAKMP_CFG_SET",
1013 "ISAKMP_CFG_ACK",
1014 NULL
1015 };
1016
1017 enum_names attr_msg_type_names =
1018 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1019
1020 /* socket address family info */
1021
1022 static const char *const af_inet_name[] = {
1023 "AF_INET",
1024 };
1025
1026 static const char *const af_inet6_name[] = {
1027 "AF_INET6",
1028 };
1029
1030 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1031
1032 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1033
1034 static ip_address ipv4_any, ipv6_any;
1035 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1036 static ip_subnet ipv4_all, ipv6_all;
1037
1038 const struct af_info af_inet4_info = {
1039 AF_INET,
1040 "AF_INET",
1041 sizeof(struct in_addr),
1042 sizeof(struct sockaddr_in),
1043 32,
1044 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1045 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1046 };
1047
1048 const struct af_info af_inet6_info = {
1049 AF_INET6,
1050 "AF_INET6",
1051 sizeof(struct in6_addr),
1052 sizeof(struct sockaddr_in6),
1053 128,
1054 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1055 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1056 };
1057
1058 const struct af_info *
1059 aftoinfo(int af)
1060 {
1061 switch (af)
1062 {
1063 case AF_INET:
1064 return &af_inet4_info;
1065 case AF_INET6:
1066 return &af_inet6_info;
1067 default:
1068 return NULL;
1069 }
1070 }
1071
1072 bool
1073 subnetisnone(const ip_subnet *sn)
1074 {
1075 ip_address base;
1076
1077 networkof(sn, &base);
1078 return isanyaddr(&base) && subnetishost(sn);
1079 }
1080
1081 /* BIND enumerated types */
1082
1083 #include <arpa/nameser.h>
1084
1085 static const char *const rr_type_name[] = {
1086 "T_A", /* 1 host address */
1087 "T_NS", /* 2 authoritative server */
1088 "T_MD", /* 3 mail destination */
1089 "T_MF", /* 4 mail forwarder */
1090 "T_CNAME", /* 5 canonical name */
1091 "T_SOA", /* 6 start of authority zone */
1092 "T_MB", /* 7 mailbox domain name */
1093 "T_MG", /* 8 mail group member */
1094 "T_MR", /* 9 mail rename name */
1095 "T_NULL", /* 10 null resource record */
1096 "T_WKS", /* 11 well known service */
1097 "T_PTR", /* 12 domain name pointer */
1098 "T_HINFO", /* 13 host information */
1099 "T_MINFO", /* 14 mailbox information */
1100 "T_MX", /* 15 mail routing information */
1101 "T_TXT", /* 16 text strings */
1102 "T_RP", /* 17 responsible person */
1103 "T_AFSDB", /* 18 AFS cell database */
1104 "T_X25", /* 19 X_25 calling address */
1105 "T_ISDN", /* 20 ISDN calling address */
1106 "T_RT", /* 21 router */
1107 "T_NSAP", /* 22 NSAP address */
1108 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1109 "T_SIG", /* 24 security signature */
1110 "T_KEY", /* 25 security key */
1111 "T_PX", /* 26 X.400 mail mapping */
1112 "T_GPOS", /* 27 geographical position (withdrawn) */
1113 "T_AAAA", /* 28 IP6 Address */
1114 "T_LOC", /* 29 Location Information */
1115 "T_NXT", /* 30 Next Valid Name in Zone */
1116 "T_EID", /* 31 Endpoint identifier */
1117 "T_NIMLOC", /* 32 Nimrod locator */
1118 "T_SRV", /* 33 Server selection */
1119 "T_ATMA", /* 34 ATM Address */
1120 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1121 NULL
1122 };
1123
1124 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1125
1126 /* Query type values which do not appear in resource records */
1127 static const char *const rr_qtype_name[] = {
1128 "T_IXFR", /* 251 incremental zone transfer */
1129 "T_AXFR", /* 252 transfer zone of authority */
1130 "T_MAILB", /* 253 transfer mailbox records */
1131 "T_MAILA", /* 254 transfer mail agent records */
1132 "T_ANY", /* 255 wildcard match */
1133 NULL
1134 };
1135
1136 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1137
1138 static const char *const rr_class_name[] = {
1139 "C_IN", /* 1 the arpa internet */
1140 NULL
1141 };
1142
1143 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1144
1145 /*
1146 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1147 *
1148 */
1149 const char *const natt_type_bitnames[] = {
1150 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1151 "draft-ietf-ipsec-nat-t-ike-02/03",
1152 "RFC 3947",
1153 "3", /* 3 */
1154 "4", "5", "6", "7",
1155 "8", "9", "10", "11",
1156 "12", "13", "14", "15",
1157 "16", "17", "18", "19",
1158 "20", "21", "22", "23",
1159 "24", "25", "26", "27",
1160 "28", "29",
1161 "nat is behind me",
1162 "nat is behind peer"
1163 };
1164
1165 /* look up enum names in an enum_names */
1166
1167 const char *
1168 enum_name(enum_names *ed, unsigned long val)
1169 {
1170 enum_names *p;
1171
1172 for (p = ed; p != NULL; p = p->en_next_range)
1173 {
1174 if (p->en_first <= val && val <= p->en_last)
1175 return p->en_names[val - p->en_first];
1176 }
1177 return NULL;
1178 }
1179
1180 /* find or construct a string to describe an enum value
1181 * Result may be in STATIC buffer!
1182 */
1183 const char *
1184 enum_show(enum_names *ed, unsigned long val)
1185 {
1186 const char *p = enum_name(ed, val);
1187
1188 if (p == NULL)
1189 {
1190 static char buf[12]; /* only one! I hope that it is big enough */
1191
1192 snprintf(buf, sizeof(buf), "%lu??", val);
1193 p = buf;
1194 }
1195 return p;
1196 }
1197
1198
1199 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1200
1201 int
1202 enum_search(enum_names *ed, const char *str)
1203 {
1204 enum_names *p;
1205 const char *ptr;
1206 unsigned en;
1207
1208 for (p = ed; p != NULL; p = p->en_next_range)
1209 for (en = p->en_first; en <= p->en_last ;en++)
1210 {
1211 ptr = p->en_names[en - p->en_first];
1212 if (ptr == 0) continue;
1213 /* if (strncmp(ptr, str, strlen(ptr))==0) */
1214 if (strcmp(ptr, str) == 0)
1215 return en;
1216 }
1217 return -1;
1218 }
1219
1220 /* construct a string to name the bits on in a set
1221 * Result may be in STATIC buffer!
1222 * Note: prettypolicy depends on internal details.
1223 */
1224 const char *
1225 bitnamesof(const char *const table[], lset_t val)
1226 {
1227 char *p = bitnamesbuf;
1228 lset_t bit;
1229 const char *const *tp;
1230
1231 if (val == 0)
1232 return "none";
1233
1234 for (tp = table, bit = 01; val != 0; bit <<= 1)
1235 {
1236 if (val & bit)
1237 {
1238 const char *n = *tp;
1239 size_t nl;
1240
1241 if (n == NULL || *n == '\0')
1242 {
1243 /* no name for this bit, so use hex */
1244 static char flagbuf[sizeof("0x80000000")];
1245
1246 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1247 n = flagbuf;
1248 }
1249
1250 nl = strlen(n);
1251
1252 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1253 *p++ = '+';
1254
1255 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1256 {
1257 strcpy(p, n);
1258 p += nl;
1259 }
1260 val -= bit;
1261 }
1262 if (*tp != NULL)
1263 tp++; /* move on, but not past end */
1264 }
1265 *p = '\0';
1266 return bitnamesbuf;
1267 }
1268
1269 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1270 * Suppress the shunt and fail fields if 0.
1271 */
1272 const char *
1273 prettypolicy(lset_t policy)
1274 {
1275 const char *bn = bitnamesof(sa_policy_bit_names
1276 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1277 size_t len;
1278 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1279 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1280
1281 if (bn != bitnamesbuf)
1282 bitnamesbuf[0] = '\0';
1283 len = strlen(bitnamesbuf);
1284 if (shunt != 0)
1285 {
1286 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1287 , policy_shunt_names[shunt]);
1288 len += strlen(bitnamesbuf + len);
1289 }
1290 if (fail != 0)
1291 {
1292 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1293 , policy_fail_names[fail]);
1294 len += strlen(bitnamesbuf + len);
1295 }
1296 if (NEVER_NEGOTIATE(policy))
1297 {
1298 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1299 len += strlen(bitnamesbuf + len);
1300 }
1301 return bitnamesbuf;
1302 }
1303
1304 /* test a set by seeing if all bits have names */
1305
1306 bool
1307 testset(const char *const table[], lset_t val)
1308 {
1309 lset_t bit;
1310 const char *const *tp;
1311
1312 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1313 {
1314 const char *n = *tp;
1315
1316 if (n == NULL || ((val & bit) && *n == '\0'))
1317 return FALSE;
1318 val &= ~bit;
1319 }
1320 return TRUE;
1321 }
1322
1323
1324 const char sparse_end[] = "end of sparse names";
1325
1326 /* look up enum names in a sparse_names */
1327 const char *sparse_name(sparse_names sd, unsigned long val)
1328 {
1329 const struct sparse_name *p;
1330
1331 for (p = sd; p->name != sparse_end; p++)
1332 if (p->val == val)
1333 return p->name;
1334 return NULL;
1335 }
1336
1337 /* find or construct a string to describe an sparse value
1338 * Result may be in STATIC buffer!
1339 */
1340 const char *
1341 sparse_val_show(sparse_names sd, unsigned long val)
1342 {
1343 const char *p = sparse_name(sd, val);
1344
1345 if (p == NULL)
1346 {
1347 static char buf[12]; /* only one! I hope that it is big enough */
1348
1349 snprintf(buf, sizeof(buf), "%lu??", val);
1350 p = buf;
1351 }
1352 return p;
1353 }
1354
1355 void init_constants(void)
1356 {
1357 happy(anyaddr(AF_INET, &ipv4_any));
1358 happy(anyaddr(AF_INET6, &ipv6_any));
1359
1360 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1361 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1362
1363 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1364 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1365 }