added Microsoft proprietary ModeCfg options
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id$
15 */
16
17 /*
18 * Note that the array sizes are all specified; this is to enable range
19 * checking by code that only includes constants.h.
20 */
21
22 #include <stddef.h>
23 #include <string.h>
24 #include <stdio.h>
25 #include <netinet/in.h>
26
27 #include <freeswan.h>
28 #include <ipsec_policy.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef LIBCURL
42 " LIBCURL"
43 #endif
44 #ifdef LIBLDAP
45 " LIBLDAP"
46 #endif
47 #ifdef SMARTCARD
48 " SMARTCARD"
49 #endif
50 #ifdef VENDORID
51 " VENDORID"
52 #endif
53 #ifdef CISCO_QUIRKS
54 " CISCO_QUIRKS"
55 #endif
56 #ifdef USE_KEYRR
57 " KEYRR"
58 #endif
59 ;
60
61 /* version */
62
63 static const char *const version_name[] = {
64 "ISAKMP Version 1.0",
65 };
66
67 enum_names version_names =
68 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
69 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
70 version_name, NULL };
71
72 /* RFC 2459 CRL reason codes */
73
74 static const char *const crl_reason_name[] = {
75 "unspecified",
76 "key compromise",
77 "ca compromise",
78 "affiliation changed",
79 "superseded",
80 "cessation of operation",
81 "certificate hold",
82 "reason #7",
83 "remove from crl"
84 };
85
86 enum_names crl_reason_names =
87 { REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL, crl_reason_name, NULL};
88
89 /* RFC 3706 Dead Peer Detection */
90
91 static const char *const dpd_action_name[] = {
92 "none",
93 "clear",
94 "hold",
95 "restart"
96 };
97
98 enum_names dpd_action_names =
99 { DPD_ACTION_NONE, DPD_ACTION_RESTART, dpd_action_name, NULL};
100
101 /* Timer events */
102
103 static const char *const timer_event_name[] = {
104 "EVENT_NULL",
105 "EVENT_REINIT_SECRET",
106 "EVENT_SHUNT_SCAN",
107 "EVENT_SO_DISCARD",
108 "EVENT_RETRANSMIT",
109 "EVENT_SA_REPLACE",
110 "EVENT_SA_REPLACE_IF_USED",
111 "EVENT_SA_EXPIRE",
112 "EVENT_NAT_T_KEEPALIVE",
113 "EVENT_DPD",
114 "EVENT_DPD_TIMEOUT",
115 "EVENT_LOG_DAILY"
116 };
117
118 enum_names timer_event_names =
119 { EVENT_NULL, EVENT_LOG_DAILY, timer_event_name, NULL };
120
121 /* Domain of Interpretation */
122
123 static const char *const doi_name[] = {
124 "ISAKMP_DOI_ISAKMP",
125 "ISAKMP_DOI_IPSEC",
126 };
127
128 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
129
130 /* debugging settings: a set of selections for reporting
131 * These would be more naturally situated in log.h,
132 * but they are shared with whack.
133 * It turns out that "debug-" is clutter in all contexts this is used,
134 * so we leave it off.
135 */
136 #ifdef DEBUG
137 const char *const debug_bit_names[] = {
138 "raw",
139 "crypt",
140 "parsing",
141 "emitting",
142 "control",
143 "lifecycle",
144 "klips",
145 "dns",
146 "natt",
147 "oppo",
148 "controlmore",
149
150 "private",
151
152 "impair-delay-adns-key-answer",
153 "impair-delay-adns-txt-answer",
154 "impair-bust-mi2",
155 "impair-bust-mr2",
156
157 NULL
158 };
159 #endif
160
161 /* State of exchanges */
162
163 static const char *const state_name[] = {
164 "STATE_MAIN_R0",
165 "STATE_MAIN_I1",
166 "STATE_MAIN_R1",
167 "STATE_MAIN_I2",
168 "STATE_MAIN_R2",
169 "STATE_MAIN_I3",
170 "STATE_MAIN_R3",
171 "STATE_MAIN_I4",
172
173 "STATE_QUICK_R0",
174 "STATE_QUICK_I1",
175 "STATE_QUICK_R1",
176 "STATE_QUICK_I2",
177 "STATE_QUICK_R2",
178
179 "STATE_INFO",
180 "STATE_INFO_PROTECTED",
181
182 "STATE_XAUTH_I0",
183 "STATE_XAUTH_R1",
184 "STATE_XAUTH_I1",
185 "STATE_XAUTH_R2",
186 "STATE_XAUTH_I2",
187 "STATE_XAUTH_R3",
188
189 "STATE_MODE_CFG_R0",
190 "STATE_MODE_CFG_I1",
191 "STATE_MODE_CFG_R1",
192 "STATE_MODE_CFG_I2",
193
194 "STATE_MODE_CFG_I0",
195 "STATE_MODE_CFG_R3",
196 "STATE_MODE_CFG_I3",
197 "STATE_MODE_CFG_R4",
198
199 "STATE_IKE_ROOF"
200 };
201
202 enum_names state_names =
203 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
204
205 /* story for state */
206
207 const char *const state_story[] = {
208 "expecting MI1", /* STATE_MAIN_R0 */
209 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
210 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
211 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
212 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
213 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
214 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
215 "ISAKMP SA established", /* STATE_MAIN_I4 */
216
217 "expecting QI1", /* STATE_QUICK_R0 */
218 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
219 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
220 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
221 "IPsec SA established", /* STATE_QUICK_R2 */
222
223 "got Informational Message in clear", /* STATE_INFO */
224 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
225
226 "expecting XAUTH request", /* STATE_XAUTH_I0 */
227 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
228 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
229 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
230 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
231 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
232
233 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
234 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
235 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
236 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
237
238 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
239 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
240 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
241 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
242 };
243
244 /* kind of struct connection */
245
246 static const char *const connection_kind_name[] = {
247 "CK_GROUP", /* policy group: instantiates to template */
248 "CK_TEMPLATE", /* abstract connection, with wildcard */
249 "CK_PERMANENT", /* normal connection */
250 "CK_INSTANCE", /* instance of template, created for a particular attempt */
251 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
252 };
253
254 enum_names connection_kind_names =
255 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
256
257 /* routing status names */
258
259 static const char *const routing_story_strings[] = {
260 "unrouted", /* RT_UNROUTED: unrouted */
261 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
262 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
263 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
264 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
265 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
266 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
267 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
268 };
269
270 enum_names routing_story =
271 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
272
273 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
274
275 const char *const payload_name[] = {
276 "ISAKMP_NEXT_NONE",
277 "ISAKMP_NEXT_SA",
278 "ISAKMP_NEXT_P",
279 "ISAKMP_NEXT_T",
280 "ISAKMP_NEXT_KE",
281 "ISAKMP_NEXT_ID",
282 "ISAKMP_NEXT_CERT",
283 "ISAKMP_NEXT_CR",
284 "ISAKMP_NEXT_HASH",
285 "ISAKMP_NEXT_SIG",
286 "ISAKMP_NEXT_NONCE",
287 "ISAKMP_NEXT_N",
288 "ISAKMP_NEXT_D",
289 "ISAKMP_NEXT_VID",
290 "ISAKMP_NEXT_MODECFG",
291 "ISAKMP_NEXT_15",
292 "ISAKMP_NEXT_16",
293 "ISAKMP_NEXT_17",
294 "ISAKMP_NEXT_18",
295 "ISAKMP_NEXT_19",
296 "ISAKMP_NEXT_NAT-D",
297 "ISAKMP_NEXT_NAT-OA",
298 NULL
299 };
300
301 const char *const payload_name_nat_d[] = { "ISAKMP_NEXT_NAT-D",
302 "ISAKMP_NEXT_NAT-OA", NULL };
303
304 static enum_names payload_names_nat_d =
305 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
306
307 enum_names payload_names =
308 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
309
310 /* Exchange types (note: two discontinuous ranges) */
311
312 static const char *const exchange_name[] = {
313 "ISAKMP_XCHG_NONE",
314 "ISAKMP_XCHG_BASE",
315 "ISAKMP_XCHG_IDPROT",
316 "ISAKMP_XCHG_AO",
317 "ISAKMP_XCHG_AGGR",
318 "ISAKMP_XCHG_INFO",
319 "ISAKMP_XCHG_MODE_CFG",
320 };
321
322 static const char *const exchange_name2[] = {
323 "ISAKMP_XCHG_QUICK",
324 "ISAKMP_XCHG_NGRP",
325 "ISAKMP_XCHG_ACK_INFO",
326 };
327
328 static enum_names exchange_desc2 =
329 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
330
331 enum_names exchange_names =
332 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
333
334 /* Flag BITS */
335 const char *const flag_bit_names[] = {
336 "ISAKMP_FLAG_ENCRYPTION",
337 "ISAKMP_FLAG_COMMIT",
338 NULL
339 };
340
341 /* Situation BITS definition for IPsec DOI */
342
343 const char *const sit_bit_names[] = {
344 "SIT_IDENTITY_ONLY",
345 "SIT_SECRECY",
346 "SIT_INTEGRITY",
347 NULL
348 };
349
350 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
351
352 static const char *const protocol_name[] = {
353 "PROTO_ISAKMP",
354 "PROTO_IPSEC_AH",
355 "PROTO_IPSEC_ESP",
356 "PROTO_IPCOMP",
357 };
358
359 enum_names protocol_names =
360 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
361
362 /* IPsec ISAKMP transform values */
363
364 static const char *const isakmp_transform_name[] = {
365 "KEY_IKE",
366 };
367
368 enum_names isakmp_transformid_names =
369 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
370
371 /* IPsec AH transform values */
372
373 static const char *const ah_transform_name[] = {
374 "AH_MD5",
375 "AH_SHA",
376 "AH_DES",
377 "AH_SHA2_256",
378 "AH_SHA2_384",
379 "AH_SHA2_512",
380 "AH_RIPEMD",
381 "AH_AES_XCBC_MAC",
382 "AH_RSA"
383 };
384
385 enum_names ah_transformid_names =
386 { AH_MD5, AH_RSA, ah_transform_name, NULL };
387
388 /* IPsec ESP transform values */
389
390 static const char *const esp_transform_name[] = {
391 "ESP_DES_IV64",
392 "ESP_DES",
393 "ESP_3DES",
394 "ESP_RC5",
395 "ESP_IDEA",
396 "ESP_CAST",
397 "ESP_BLOWFISH",
398 "ESP_3IDEA",
399 "ESP_DES_IV32",
400 "ESP_RC4",
401 "ESP_NULL",
402 "ESP_AES",
403 "ESP_AES-CTR",
404 "ESP_AES-CCM_8",
405 "ESP_AES-CCM_12",
406 "ESP_AES-CCM_16",
407 "ESP_UNASSIGNED_17",
408 "ESP_AES_GCM_8",
409 "ESP_AES_GCM_12",
410 "ESP_AES_GCM_16",
411 "ESP_SEED_CBC",
412 "ESP_CAMELLIA"
413 };
414
415 /*
416 * ipsec drafts suggest "high" ESP ids values for testing,
417 * assign generic ESP_ID<num> if not officially defined
418 */
419 static const char *const esp_transform_name_high[] = {
420 "ESP_SERPENT",
421 "ESP_TWOFISH"
422 };
423
424 enum_names esp_transformid_names_high =
425 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
426
427 enum_names esp_transformid_names =
428 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
429
430 /* IPCOMP transform values */
431
432 static const char *const ipcomp_transform_name[] = {
433 "IPCOMP_OUI",
434 "IPCOMP_DEFLAT",
435 "IPCOMP_LZS",
436 "IPCOMP_LZJH",
437 };
438
439 enum_names ipcomp_transformid_names =
440 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
441
442 /* Identification type values */
443
444 static const char *const ident_name[] = {
445 "ID_IPV4_ADDR",
446 "ID_FQDN",
447 "ID_USER_FQDN",
448 "ID_IPV4_ADDR_SUBNET",
449 "ID_IPV6_ADDR",
450 "ID_IPV6_ADDR_SUBNET",
451 "ID_IPV4_ADDR_RANGE",
452 "ID_IPV6_ADDR_RANGE",
453 "ID_DER_ASN1_DN",
454 "ID_DER_ASN1_GN",
455 "ID_KEY_ID",
456 };
457
458 enum_names ident_names =
459 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
460
461 /* Certificate type values */
462
463 static const char *const cert_type_name[] = {
464 "CERT_NONE",
465 "CERT_PKCS7_WRAPPED_X509",
466 "CERT_PGP",
467 "CERT_DNS_SIGNED_KEY",
468 "CERT_X509_SIGNATURE",
469 "CERT_X509_KEY_EXCHANGE",
470 "CERT_KERBEROS_TOKENS",
471 "CERT_CRL",
472 "CERT_ARL",
473 "CERT_SPKI",
474 "CERT_X509_ATTRIBUTE",
475 };
476
477 enum_names cert_type_names =
478 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
479
480 /* Certificate policy names */
481
482 static const char *const cert_policy_name[] = {
483 "ALWAYS_SEND",
484 "SEND_IF_ASKED",
485 "NEVER_SEND",
486 };
487
488 enum_names cert_policy_names =
489 { CERT_ALWAYS_SEND, CERT_NEVER_SEND, cert_policy_name, NULL };
490
491 /* Goal BITs for establishing an SA
492 * Note: we drop the POLICY_ prefix so that logs are more concise.
493 */
494
495 const char *const sa_policy_bit_names[] = {
496 "PSK",
497 "RSASIG",
498 "ENCRYPT",
499 "AUTHENTICATE",
500 "COMPRESS",
501 "TUNNEL",
502 "PFS",
503 "DISABLEARRIVALCHECK",
504 "SHUNT0",
505 "SHUNT1",
506 "FAILSHUNT0",
507 "FAILSHUNT1",
508 "DONTREKEY",
509 "OPPORTUNISTIC",
510 "GROUP",
511 "GROUTED",
512 "UP",
513 "MODECFGPUSH",
514 "XAUTHPSK",
515 "XAUTHRSASIG",
516 "XAUTHSERVER",
517 "DONTREAUTH",
518 "BEET",
519 "MOBIKE",
520 "ECDSA",
521 "PROXY",
522 NULL
523 };
524
525 const char *const policy_shunt_names[4] = {
526 "TRAP",
527 "PASS",
528 "DROP",
529 "REJECT",
530 };
531
532 const char *const policy_fail_names[4] = {
533 "NONE",
534 "PASS",
535 "DROP",
536 "REJECT",
537 };
538
539 /* Oakley transform attributes
540 * oakley_attr_bit_names does double duty: it is used for enum names
541 * and bit names.
542 */
543
544 const char *const oakley_attr_bit_names[] = {
545 "OAKLEY_ENCRYPTION_ALGORITHM",
546 "OAKLEY_HASH_ALGORITHM",
547 "OAKLEY_AUTHENTICATION_METHOD",
548 "OAKLEY_GROUP_DESCRIPTION",
549 "OAKLEY_GROUP_TYPE",
550 "OAKLEY_GROUP_PRIME",
551 "OAKLEY_GROUP_GENERATOR_ONE",
552 "OAKLEY_GROUP_GENERATOR_TWO",
553 "OAKLEY_GROUP_CURVE_A",
554 "OAKLEY_GROUP_CURVE_B",
555 "OAKLEY_LIFE_TYPE",
556 "OAKLEY_LIFE_DURATION",
557 "OAKLEY_PRF",
558 "OAKLEY_KEY_LENGTH",
559 "OAKLEY_FIELD_SIZE",
560 "OAKLEY_GROUP_ORDER",
561 "OAKLEY_BLOCK_SIZE",
562 NULL
563 };
564
565 static const char *const oakley_var_attr_name[] = {
566 "OAKLEY_GROUP_PRIME (variable length)",
567 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
568 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
569 "OAKLEY_GROUP_CURVE_A (variable length)",
570 "OAKLEY_GROUP_CURVE_B (variable length)",
571 NULL,
572 "OAKLEY_LIFE_DURATION (variable length)",
573 NULL,
574 NULL,
575 NULL,
576 "OAKLEY_GROUP_ORDER (variable length)",
577 };
578
579 static enum_names oakley_attr_desc_tv = {
580 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
581 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
582
583 enum_names oakley_attr_names = {
584 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
585 oakley_var_attr_name, &oakley_attr_desc_tv };
586
587 /* for each Oakley attribute, which enum_names describes its values? */
588 enum_names *oakley_attr_val_descs[] = {
589 NULL, /* (none) */
590 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
591 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
592 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
593 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
594 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
595 NULL, /* OAKLEY_GROUP_PRIME */
596 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
597 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
598 NULL, /* OAKLEY_GROUP_CURVE_A */
599 NULL, /* OAKLEY_GROUP_CURVE_B */
600 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
601 NULL, /* OAKLEY_LIFE_DURATION */
602 &oakley_prf_names, /* OAKLEY_PRF */
603 NULL, /* OAKLEY_KEY_LENGTH */
604 NULL, /* OAKLEY_FIELD_SIZE */
605 NULL, /* OAKLEY_GROUP_ORDER */
606 };
607
608 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
609
610 static const char *const ipsec_attr_name[] = {
611 "SA_LIFE_TYPE",
612 "SA_LIFE_DURATION",
613 "GROUP_DESCRIPTION",
614 "ENCAPSULATION_MODE",
615 "AUTH_ALGORITHM",
616 "KEY_LENGTH",
617 "KEY_ROUNDS",
618 "COMPRESS_DICT_SIZE",
619 "COMPRESS_PRIVATE_ALG",
620 };
621
622 static const char *const ipsec_var_attr_name[] = {
623 "SA_LIFE_DURATION (variable length)",
624 NULL,
625 NULL,
626 NULL,
627 NULL,
628 NULL,
629 NULL,
630 "COMPRESS_PRIVATE_ALG (variable length)",
631 };
632
633 static enum_names ipsec_attr_desc_tv = {
634 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
635 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
636 ipsec_attr_name, NULL };
637
638 enum_names ipsec_attr_names = {
639 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
640 ipsec_var_attr_name, &ipsec_attr_desc_tv };
641
642 /* for each IPsec attribute, which enum_names describes its values? */
643 enum_names *ipsec_attr_val_descs[] = {
644 NULL, /* (none) */
645 &sa_lifetime_names, /* SA_LIFE_TYPE */
646 NULL, /* SA_LIFE_DURATION */
647 &oakley_group_names, /* GROUP_DESCRIPTION */
648 &enc_mode_names, /* ENCAPSULATION_MODE */
649 &auth_alg_names, /* AUTH_ALGORITHM */
650 NULL, /* KEY_LENGTH */
651 NULL, /* KEY_ROUNDS */
652 NULL, /* COMPRESS_DICT_SIZE */
653 NULL, /* COMPRESS_PRIVATE_ALG */
654 };
655
656 /* SA Lifetime Type attribute */
657
658 static const char *const sa_lifetime_name[] = {
659 "SA_LIFE_TYPE_SECONDS",
660 "SA_LIFE_TYPE_KBYTES",
661 };
662
663 enum_names sa_lifetime_names =
664 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
665
666 /* Encapsulation Mode attribute */
667
668 static const char *const enc_mode_name[] = {
669 "ENCAPSULATION_MODE_TUNNEL",
670 "ENCAPSULATION_MODE_TRANSPORT",
671 "ENCAPSULATION_MODE_UDP_TUNNEL",
672 "ENCAPSULATION_MODE_UDP_TRANSPORT",
673 };
674
675 static const char *const enc_udp_mode_name[] = {
676 "ENCAPSULATION_MODE_UDP_TUNNEL",
677 "ENCAPSULATION_MODE_UDP_TRANSPORT",
678 };
679
680 static enum_names enc_udp_mode_names =
681 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
682
683 enum_names enc_mode_names =
684 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
685
686 /* Auth Algorithm attribute */
687
688 static const char *const auth_alg_name[] = {
689 "AUTH_ALGORITHM_HMAC_MD5",
690 "AUTH_ALGORITHM_HMAC_SHA1",
691 "AUTH_ALGORITHM_DES_MAC",
692 "AUTH_ALGORITHM_KPDK",
693 "AUTH_ALGORITHM_HMAC_SHA2_256",
694 "AUTH_ALGORITHM_HMAC_SHA2_384",
695 "AUTH_ALGORITHM_HMAC_SHA2_512",
696 "AUTH_ALGORITHM_HMAC_RIPEMD",
697 "AUTH_ALGORITHM_AES_XCBC_MAC",
698 "AUTH_ALGORITHM_SIG_RSA"
699 };
700
701 static const char *const extended_auth_alg_name[] = {
702 "AUTH_ALGORITHM_NULL"
703 };
704
705 enum_names extended_auth_alg_names =
706 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
707
708 enum_names auth_alg_names =
709 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
710 , &extended_auth_alg_names };
711
712 /* From draft-beaulieu-ike-xauth */
713 static const char *const xauth_type_name[] = {
714 "Generic",
715 "RADIUS-CHAP",
716 "OTP",
717 "S/KEY",
718 };
719
720 enum_names xauth_type_names =
721 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
722
723 /* From draft-beaulieu-ike-xauth */
724 static const char *const xauth_attr_tv_name[] = {
725 "XAUTH_TYPE",
726 NULL,
727 NULL,
728 NULL,
729 NULL,
730 NULL,
731 NULL,
732 "XAUTH_STATUS",
733 };
734
735 enum_names xauth_attr_tv_names = {
736 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
737 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
738
739 static const char *const unity_attr_name[] = {
740 "UNITY_BANNER",
741 "UNITY_SAVE_PASSWD",
742 "UNITY_DEF_DOMAIN",
743 "UNITY_SPLITDNS_NAME",
744 "UNITY_SPLIT_INCLUDE",
745 "UNITY_NATT_PORT",
746 "UNITY_LOCAL_LAN",
747 "UNITY_PFS",
748 "UNITY_FW_TYPE",
749 "UNITY_BACKUP_SERVERS",
750 "UNITY_DDNS_HOSTNAME",
751 };
752
753 enum_names unity_attr_names =
754 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
755
756 static const char *const microsoft_attr_name[] = {
757 "INTERNAL_IP4_SERVER",
758 "INTERNAL_IP6_SERVER",
759 };
760
761 enum_names microsoft_attr_names =
762 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
763
764 static const char *const xauth_attr_name[] = {
765 "XAUTH_USER_NAME",
766 "XAUTH_USER_PASSWORD",
767 "XAUTH_PASSCODE",
768 "XAUTH_MESSAGE",
769 "XAUTH_CHALLENGE",
770 "XAUTH_DOMAIN",
771 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
772 "XAUTH_NEXT_PIN",
773 "XAUTH_ANSWER",
774 };
775
776 enum_names xauth_attr_names =
777 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
778
779 static const char *const modecfg_attr_name[] = {
780 "INTERNAL_IP4_ADDRESS",
781 "INTERNAL_IP4_NETMASK",
782 "INTERNAL_IP4_DNS",
783 "INTERNAL_IP4_NBNS",
784 "INTERNAL_ADDRESS_EXPIRY",
785 "INTERNAL_IP4_DHCP",
786 "APPLICATION_VERSION",
787 "INTERNAL_IP6_ADDRESS",
788 "INTERNAL_IP6_NETMASK",
789 "INTERNAL_IP6_DNS",
790 "INTERNAL_IP6_NBNS",
791 "INTERNAL_IP6_DHCP",
792 "INTERNAL_IP4_SUBNET",
793 "SUPPORTED_ATTRIBUTES",
794 "INTERNAL_IP6_SUBNET",
795 };
796
797 enum_names modecfg_attr_names =
798 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
799
800 /* Oakley Lifetime Type attribute */
801
802 static const char *const oakley_lifetime_name[] = {
803 "OAKLEY_LIFE_SECONDS",
804 "OAKLEY_LIFE_KILOBYTES",
805 };
806
807 enum_names oakley_lifetime_names =
808 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
809
810 /* Oakley PRF attribute (none defined) */
811
812 enum_names oakley_prf_names =
813 { 1, 0, NULL, NULL };
814
815 /* Oakley Encryption Algorithm attribute */
816
817 static const char *const oakley_enc_name[] = {
818 "OAKLEY_DES_CBC",
819 "OAKLEY_IDEA_CBC",
820 "OAKLEY_BLOWFISH_CBC",
821 "OAKLEY_RC5_R16_B64_CBC",
822 "OAKLEY_3DES_CBC",
823 "OAKLEY_CAST_CBC",
824 "OAKLEY_AES_CBC",
825 };
826
827 #ifdef NO_EXTRA_IKE
828 enum_names oakley_enc_names =
829 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name, NULL };
830 #else
831 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
832 "OAKLEY_MARS_CBC" /* 65001 */,
833 "OAKLEY_RC6_CBC" /* 65002 */,
834 "OAKLEY_ID_65003" /* 65003 */,
835 "OAKLEY_SERPENT_CBC" /* 65004 */,
836 "OAKLEY_TWOFISH_CBC" /* 65005 */,
837 };
838 static const char *const oakley_enc_name_ssh[] = {
839 "OAKLEY_TWOFISH_CBC_SSH",
840 };
841 enum_names oakley_enc_names_ssh =
842 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
843 , NULL };
844
845 enum_names oakley_enc_names_draft_aes_cbc_02 =
846 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
847 , &oakley_enc_names_ssh };
848
849 enum_names oakley_enc_names =
850 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name
851 , &oakley_enc_names_draft_aes_cbc_02 };
852 #endif
853
854 /* Oakley Hash Algorithm attribute */
855
856 static const char *const oakley_hash_name[] = {
857 "OAKLEY_MD5",
858 "OAKLEY_SHA",
859 "OAKLEY_TIGER",
860 "OAKLEY_SHA2_256",
861 "OAKLEY_SHA2_384",
862 "OAKLEY_SHA2_512",
863 };
864
865 enum_names oakley_hash_names =
866 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
867
868 /* Oakley Authentication Method attribute */
869
870 static const char *const oakley_auth_name1[] = {
871 "OAKLEY_PRESHARED_KEY",
872 "OAKLEY_DSS_SIG",
873 "OAKLEY_RSA_SIG",
874 "OAKLEY_RSA_ENC",
875 "OAKLEY_RSA_ENC_REV",
876 "OAKLEY_ELGAMAL_ENC",
877 "OAKLEY_ELGAMAL_ENC_REV",
878 };
879
880 static const char *const oakley_auth_name2[] = {
881 "HybridInitRSA",
882 "HybridRespRSA",
883 "HybridInitDSS",
884 "HybridRespDSS",
885 };
886
887 static const char *const oakley_auth_name3[] = {
888 "XAUTHInitPreShared",
889 "XAUTHRespPreShared",
890 "XAUTHInitDSS",
891 "XAUTHRespDSS",
892 "XAUTHInitRSA",
893 "XAUTHRespRSA",
894 "XAUTHInitRSAEncryption",
895 "XAUTHRespRSAEncryption",
896 "XAUTHInitRSARevisedEncryption",
897 "XAUTHRespRSARevisedEncryption",
898 };
899
900 static enum_names oakley_auth_names1 =
901 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
902 , oakley_auth_name1, NULL };
903
904 static enum_names oakley_auth_names2 =
905 { HybridInitRSA, HybridRespDSS
906 , oakley_auth_name2, &oakley_auth_names1 };
907
908 enum_names oakley_auth_names =
909 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
910 , oakley_auth_name3, &oakley_auth_names2 };
911
912 /* Oakley Group Description attribute */
913
914 static const char *const oakley_group_name[] = {
915 "OAKLEY_GROUP_MODP768",
916 "OAKLEY_GROUP_MODP1024",
917 "OAKLEY_GROUP_GP155",
918 "OAKLEY_GROUP_GP185",
919 "OAKLEY_GROUP_MODP1536",
920 };
921
922 static const char *const oakley_group_name_rfc3526[] = {
923 "OAKLEY_GROUP_MODP2048",
924 "OAKLEY_GROUP_MODP3072",
925 "OAKLEY_GROUP_MODP4096",
926 "OAKLEY_GROUP_MODP6144",
927 "OAKLEY_GROUP_MODP8192"
928 };
929 enum_names oakley_group_names_rfc3526 =
930 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
931 oakley_group_name_rfc3526, NULL };
932
933 enum_names oakley_group_names =
934 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
935 oakley_group_name, &oakley_group_names_rfc3526 };
936
937 /* Oakley Group Type attribute */
938
939 static const char *const oakley_group_type_name[] = {
940 "OAKLEY_GROUP_TYPE_MODP",
941 "OAKLEY_GROUP_TYPE_ECP",
942 "OAKLEY_GROUP_TYPE_EC2N",
943 };
944
945 enum_names oakley_group_type_names =
946 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
947
948 /* Notify messages -- error types */
949
950 static const char *const notification_name[] = {
951 "INVALID_PAYLOAD_TYPE",
952 "DOI_NOT_SUPPORTED",
953 "SITUATION_NOT_SUPPORTED",
954 "INVALID_COOKIE",
955 "INVALID_MAJOR_VERSION",
956 "INVALID_MINOR_VERSION",
957 "INVALID_EXCHANGE_TYPE",
958 "INVALID_FLAGS",
959 "INVALID_MESSAGE_ID",
960 "INVALID_PROTOCOL_ID",
961 "INVALID_SPI",
962 "INVALID_TRANSFORM_ID",
963 "ATTRIBUTES_NOT_SUPPORTED",
964 "NO_PROPOSAL_CHOSEN",
965 "BAD_PROPOSAL_SYNTAX",
966 "PAYLOAD_MALFORMED",
967 "INVALID_KEY_INFORMATION",
968 "INVALID_ID_INFORMATION",
969 "INVALID_CERT_ENCODING",
970 "INVALID_CERTIFICATE",
971 "CERT_TYPE_UNSUPPORTED",
972 "INVALID_CERT_AUTHORITY",
973 "INVALID_HASH_INFORMATION",
974 "AUTHENTICATION_FAILED",
975 "INVALID_SIGNATURE",
976 "ADDRESS_NOTIFICATION",
977 "NOTIFY_SA_LIFETIME",
978 "CERTIFICATE_UNAVAILABLE",
979 "UNSUPPORTED_EXCHANGE_TYPE",
980 "UNEQUAL_PAYLOAD_LENGTHS",
981 };
982
983 static const char *const notification_status_name[] = {
984 "CONNECTED",
985 };
986
987 static const char *const ipsec_notification_name[] = {
988 "IPSEC_RESPONDER_LIFETIME",
989 "IPSEC_REPLAY_STATUS",
990 "IPSEC_INITIAL_CONTACT",
991 };
992
993 static const char *const notification_dpd_name[] = {
994 "R_U_THERE",
995 "R_U_THERE_ACK",
996 };
997
998 enum_names notification_dpd_names =
999 { R_U_THERE, R_U_THERE_ACK,
1000 notification_dpd_name, NULL };
1001
1002 enum_names ipsec_notification_names =
1003 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
1004 ipsec_notification_name, &notification_dpd_names };
1005
1006 enum_names notification_status_names =
1007 { CONNECTED, CONNECTED,
1008 notification_status_name, &ipsec_notification_names };
1009
1010 enum_names notification_names =
1011 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
1012 notification_name, &notification_status_names };
1013
1014 /* MODECFG
1015 * From draft-dukes-ike-mode-cfg
1016 */
1017 const char *const attr_msg_type_name[] = {
1018 "ISAKMP_CFG_RESERVED",
1019 "ISAKMP_CFG_REQUEST",
1020 "ISAKMP_CFG_REPLY",
1021 "ISAKMP_CFG_SET",
1022 "ISAKMP_CFG_ACK",
1023 NULL
1024 };
1025
1026 enum_names attr_msg_type_names =
1027 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1028
1029 /* socket address family info */
1030
1031 static const char *const af_inet_name[] = {
1032 "AF_INET",
1033 };
1034
1035 static const char *const af_inet6_name[] = {
1036 "AF_INET6",
1037 };
1038
1039 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1040
1041 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1042
1043 static ip_address ipv4_any, ipv6_any;
1044 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1045 static ip_subnet ipv4_all, ipv6_all;
1046
1047 const struct af_info af_inet4_info = {
1048 AF_INET,
1049 "AF_INET",
1050 sizeof(struct in_addr),
1051 sizeof(struct sockaddr_in),
1052 32,
1053 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1054 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1055 };
1056
1057 const struct af_info af_inet6_info = {
1058 AF_INET6,
1059 "AF_INET6",
1060 sizeof(struct in6_addr),
1061 sizeof(struct sockaddr_in6),
1062 128,
1063 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1064 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1065 };
1066
1067 const struct af_info *
1068 aftoinfo(int af)
1069 {
1070 switch (af)
1071 {
1072 case AF_INET:
1073 return &af_inet4_info;
1074 case AF_INET6:
1075 return &af_inet6_info;
1076 default:
1077 return NULL;
1078 }
1079 }
1080
1081 bool
1082 subnetisnone(const ip_subnet *sn)
1083 {
1084 ip_address base;
1085
1086 networkof(sn, &base);
1087 return isanyaddr(&base) && subnetishost(sn);
1088 }
1089
1090 /* BIND enumerated types */
1091
1092 #include <arpa/nameser.h>
1093
1094 static const char *const rr_type_name[] = {
1095 "T_A", /* 1 host address */
1096 "T_NS", /* 2 authoritative server */
1097 "T_MD", /* 3 mail destination */
1098 "T_MF", /* 4 mail forwarder */
1099 "T_CNAME", /* 5 canonical name */
1100 "T_SOA", /* 6 start of authority zone */
1101 "T_MB", /* 7 mailbox domain name */
1102 "T_MG", /* 8 mail group member */
1103 "T_MR", /* 9 mail rename name */
1104 "T_NULL", /* 10 null resource record */
1105 "T_WKS", /* 11 well known service */
1106 "T_PTR", /* 12 domain name pointer */
1107 "T_HINFO", /* 13 host information */
1108 "T_MINFO", /* 14 mailbox information */
1109 "T_MX", /* 15 mail routing information */
1110 "T_TXT", /* 16 text strings */
1111 "T_RP", /* 17 responsible person */
1112 "T_AFSDB", /* 18 AFS cell database */
1113 "T_X25", /* 19 X_25 calling address */
1114 "T_ISDN", /* 20 ISDN calling address */
1115 "T_RT", /* 21 router */
1116 "T_NSAP", /* 22 NSAP address */
1117 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1118 "T_SIG", /* 24 security signature */
1119 "T_KEY", /* 25 security key */
1120 "T_PX", /* 26 X.400 mail mapping */
1121 "T_GPOS", /* 27 geographical position (withdrawn) */
1122 "T_AAAA", /* 28 IP6 Address */
1123 "T_LOC", /* 29 Location Information */
1124 "T_NXT", /* 30 Next Valid Name in Zone */
1125 "T_EID", /* 31 Endpoint identifier */
1126 "T_NIMLOC", /* 32 Nimrod locator */
1127 "T_SRV", /* 33 Server selection */
1128 "T_ATMA", /* 34 ATM Address */
1129 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1130 NULL
1131 };
1132
1133 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1134
1135 /* Query type values which do not appear in resource records */
1136 static const char *const rr_qtype_name[] = {
1137 "T_IXFR", /* 251 incremental zone transfer */
1138 "T_AXFR", /* 252 transfer zone of authority */
1139 "T_MAILB", /* 253 transfer mailbox records */
1140 "T_MAILA", /* 254 transfer mail agent records */
1141 "T_ANY", /* 255 wildcard match */
1142 NULL
1143 };
1144
1145 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1146
1147 static const char *const rr_class_name[] = {
1148 "C_IN", /* 1 the arpa internet */
1149 NULL
1150 };
1151
1152 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1153
1154 /*
1155 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1156 *
1157 */
1158 const char *const natt_type_bitnames[] = {
1159 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1160 "draft-ietf-ipsec-nat-t-ike-02/03",
1161 "RFC 3947",
1162 "3", /* 3 */
1163 "4", "5", "6", "7",
1164 "8", "9", "10", "11",
1165 "12", "13", "14", "15",
1166 "16", "17", "18", "19",
1167 "20", "21", "22", "23",
1168 "24", "25", "26", "27",
1169 "28", "29",
1170 "nat is behind me",
1171 "nat is behind peer"
1172 };
1173
1174 /* look up enum names in an enum_names */
1175
1176 const char *
1177 enum_name(enum_names *ed, unsigned long val)
1178 {
1179 enum_names *p;
1180
1181 for (p = ed; p != NULL; p = p->en_next_range)
1182 {
1183 if (p->en_first <= val && val <= p->en_last)
1184 return p->en_names[val - p->en_first];
1185 }
1186 return NULL;
1187 }
1188
1189 /* find or construct a string to describe an enum value
1190 * Result may be in STATIC buffer!
1191 */
1192 const char *
1193 enum_show(enum_names *ed, unsigned long val)
1194 {
1195 const char *p = enum_name(ed, val);
1196
1197 if (p == NULL)
1198 {
1199 static char buf[12]; /* only one! I hope that it is big enough */
1200
1201 snprintf(buf, sizeof(buf), "%lu??", val);
1202 p = buf;
1203 }
1204 return p;
1205 }
1206
1207
1208 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1209
1210 int
1211 enum_search(enum_names *ed, const char *str)
1212 {
1213 enum_names *p;
1214 const char *ptr;
1215 unsigned en;
1216
1217 for (p = ed; p != NULL; p = p->en_next_range)
1218 {
1219 for (en = p->en_first; en <= p->en_last ;en++)
1220 {
1221 ptr = p->en_names[en - p->en_first];
1222 if (ptr == 0)
1223 {
1224 continue;
1225 }
1226 if (streq(ptr, str))
1227 {
1228 return en;
1229 }
1230 }
1231 }
1232 return -1;
1233 }
1234
1235 /* construct a string to name the bits on in a set
1236 * Result may be in STATIC buffer!
1237 * Note: prettypolicy depends on internal details.
1238 */
1239 const char *
1240 bitnamesof(const char *const table[], lset_t val)
1241 {
1242 char *p = bitnamesbuf;
1243 lset_t bit;
1244 const char *const *tp;
1245
1246 if (val == 0)
1247 return "none";
1248
1249 for (tp = table, bit = 01; val != 0; bit <<= 1)
1250 {
1251 if (val & bit)
1252 {
1253 const char *n = *tp;
1254 size_t nl;
1255
1256 if (n == NULL || *n == '\0')
1257 {
1258 /* no name for this bit, so use hex */
1259 static char flagbuf[sizeof("0x80000000")];
1260
1261 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1262 n = flagbuf;
1263 }
1264
1265 nl = strlen(n);
1266
1267 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1268 *p++ = '+';
1269
1270 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1271 {
1272 strcpy(p, n);
1273 p += nl;
1274 }
1275 val -= bit;
1276 }
1277 if (*tp != NULL)
1278 tp++; /* move on, but not past end */
1279 }
1280 *p = '\0';
1281 return bitnamesbuf;
1282 }
1283
1284 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1285 * Suppress the shunt and fail fields if 0.
1286 */
1287 const char *
1288 prettypolicy(lset_t policy)
1289 {
1290 const char *bn = bitnamesof(sa_policy_bit_names
1291 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1292 size_t len;
1293 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1294 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1295
1296 if (bn != bitnamesbuf)
1297 bitnamesbuf[0] = '\0';
1298 len = strlen(bitnamesbuf);
1299 if (shunt != 0)
1300 {
1301 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1302 , policy_shunt_names[shunt]);
1303 len += strlen(bitnamesbuf + len);
1304 }
1305 if (fail != 0)
1306 {
1307 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1308 , policy_fail_names[fail]);
1309 len += strlen(bitnamesbuf + len);
1310 }
1311 if (NEVER_NEGOTIATE(policy))
1312 {
1313 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1314 len += strlen(bitnamesbuf + len);
1315 }
1316 return bitnamesbuf;
1317 }
1318
1319 /* test a set by seeing if all bits have names */
1320
1321 bool
1322 testset(const char *const table[], lset_t val)
1323 {
1324 lset_t bit;
1325 const char *const *tp;
1326
1327 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1328 {
1329 const char *n = *tp;
1330
1331 if (n == NULL || ((val & bit) && *n == '\0'))
1332 return FALSE;
1333 val &= ~bit;
1334 }
1335 return TRUE;
1336 }
1337
1338
1339 const char sparse_end[] = "end of sparse names";
1340
1341 /* look up enum names in a sparse_names */
1342 const char *sparse_name(sparse_names sd, unsigned long val)
1343 {
1344 const struct sparse_name *p;
1345
1346 for (p = sd; p->name != sparse_end; p++)
1347 if (p->val == val)
1348 return p->name;
1349 return NULL;
1350 }
1351
1352 /* find or construct a string to describe an sparse value
1353 * Result may be in STATIC buffer!
1354 */
1355 const char *
1356 sparse_val_show(sparse_names sd, unsigned long val)
1357 {
1358 const char *p = sparse_name(sd, val);
1359
1360 if (p == NULL)
1361 {
1362 static char buf[12]; /* only one! I hope that it is big enough */
1363
1364 snprintf(buf, sizeof(buf), "%lu??", val);
1365 p = buf;
1366 }
1367 return p;
1368 }
1369
1370 void init_constants(void)
1371 {
1372 happy(anyaddr(AF_INET, &ipv4_any));
1373 happy(anyaddr(AF_INET6, &ipv6_any));
1374
1375 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1376 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1377
1378 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1379 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1380 }