e46728d8400049e9c95a1c1002c33ad5fa52d868
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Note that the array sizes are all specified; this is to enable range
18 * checking by code that only includes constants.h.
19 */
20
21 #include <stddef.h>
22 #include <string.h>
23 #include <stdio.h>
24 #include <netinet/in.h>
25
26 #include <freeswan.h>
27
28 #include "constants.h"
29 #include "defs.h"
30 #include "log.h"
31 #include "packet.h"
32
33 /* string naming compile-time options that have interop implications */
34
35 const char compile_time_interop_options[] = ""
36 #ifdef THREADS
37 " THREADS"
38 #endif
39 #ifdef SMARTCARD
40 " SMARTCARD"
41 #endif
42 #ifdef VENDORID
43 " VENDORID"
44 #endif
45 #ifdef CISCO_QUIRKS
46 " CISCO_QUIRKS"
47 #endif
48 #ifdef USE_KEYRR
49 " KEYRR"
50 #endif
51 ;
52
53 /* version */
54
55 static const char *const version_name[] = {
56 "ISAKMP Version 1.0",
57 };
58
59 enum_names version_names =
60 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
61 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
62 version_name, NULL };
63
64 /* RFC 2459 CRL reason codes */
65
66 ENUM(crl_reason_names, REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL,
67 "unspecified",
68 "key compromise",
69 "ca compromise",
70 "affiliation changed",
71 "superseded",
72 "cessation of operation",
73 "certificate hold",
74 "reason #7",
75 "remove from crl"
76 );
77
78 /* RFC 3706 Dead Peer Detection */
79
80 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
81 "none",
82 "clear",
83 "hold",
84 "restart"
85 );
86
87 /* Timer events */
88
89 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
90 "EVENT_NULL",
91 "EVENT_REINIT_SECRET",
92 "EVENT_SHUNT_SCAN",
93 "EVENT_SO_DISCARD",
94 "EVENT_RETRANSMIT",
95 "EVENT_SA_REPLACE",
96 "EVENT_SA_REPLACE_IF_USED",
97 "EVENT_SA_EXPIRE",
98 "EVENT_NAT_T_KEEPALIVE",
99 "EVENT_DPD",
100 "EVENT_DPD_TIMEOUT",
101 "EVENT_LOG_DAILY"
102 );
103
104 /* Domain of Interpretation */
105
106 static const char *const doi_name[] = {
107 "ISAKMP_DOI_ISAKMP",
108 "ISAKMP_DOI_IPSEC",
109 };
110
111 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
112
113 /* debugging settings: a set of selections for reporting
114 * These would be more naturally situated in log.h,
115 * but they are shared with whack.
116 * It turns out that "debug-" is clutter in all contexts this is used,
117 * so we leave it off.
118 */
119 #ifdef DEBUG
120 const char *const debug_bit_names[] = {
121 "raw",
122 "crypt",
123 "parsing",
124 "emitting",
125 "control",
126 "lifecycle",
127 "klips",
128 "dns",
129 "natt",
130 "oppo",
131 "controlmore",
132
133 "private",
134
135 "impair-delay-adns-key-answer",
136 "impair-delay-adns-txt-answer",
137 "impair-bust-mi2",
138 "impair-bust-mr2",
139
140 NULL
141 };
142 #endif
143
144 /* State of exchanges */
145
146 static const char *const state_name[] = {
147 "STATE_MAIN_R0",
148 "STATE_MAIN_I1",
149 "STATE_MAIN_R1",
150 "STATE_MAIN_I2",
151 "STATE_MAIN_R2",
152 "STATE_MAIN_I3",
153 "STATE_MAIN_R3",
154 "STATE_MAIN_I4",
155
156 "STATE_QUICK_R0",
157 "STATE_QUICK_I1",
158 "STATE_QUICK_R1",
159 "STATE_QUICK_I2",
160 "STATE_QUICK_R2",
161
162 "STATE_INFO",
163 "STATE_INFO_PROTECTED",
164
165 "STATE_XAUTH_I0",
166 "STATE_XAUTH_R1",
167 "STATE_XAUTH_I1",
168 "STATE_XAUTH_R2",
169 "STATE_XAUTH_I2",
170 "STATE_XAUTH_R3",
171
172 "STATE_MODE_CFG_R0",
173 "STATE_MODE_CFG_I1",
174 "STATE_MODE_CFG_R1",
175 "STATE_MODE_CFG_I2",
176
177 "STATE_MODE_CFG_I0",
178 "STATE_MODE_CFG_R3",
179 "STATE_MODE_CFG_I3",
180 "STATE_MODE_CFG_R4",
181
182 "STATE_IKE_ROOF"
183 };
184
185 enum_names state_names =
186 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
187
188 /* story for state */
189
190 const char *const state_story[] = {
191 "expecting MI1", /* STATE_MAIN_R0 */
192 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
193 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
194 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
195 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
196 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
197 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
198 "ISAKMP SA established", /* STATE_MAIN_I4 */
199
200 "expecting QI1", /* STATE_QUICK_R0 */
201 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
202 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
203 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
204 "IPsec SA established", /* STATE_QUICK_R2 */
205
206 "got Informational Message in clear", /* STATE_INFO */
207 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
208
209 "expecting XAUTH request", /* STATE_XAUTH_I0 */
210 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
211 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
212 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
213 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
214 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
215
216 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
217 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
218 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
219 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
220
221 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
222 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
223 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
224 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
225 };
226
227 /* kind of struct connection */
228
229 static const char *const connection_kind_name[] = {
230 "CK_GROUP", /* policy group: instantiates to template */
231 "CK_TEMPLATE", /* abstract connection, with wildcard */
232 "CK_PERMANENT", /* normal connection */
233 "CK_INSTANCE", /* instance of template, created for a particular attempt */
234 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
235 };
236
237 enum_names connection_kind_names =
238 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
239
240 /* routing status names */
241
242 static const char *const routing_story_strings[] = {
243 "unrouted", /* RT_UNROUTED: unrouted */
244 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
245 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
246 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
247 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
248 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
249 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
250 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
251 };
252
253 enum_names routing_story =
254 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
255
256 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
257
258 const char *const payload_name[] = {
259 "ISAKMP_NEXT_NONE",
260 "ISAKMP_NEXT_SA",
261 "ISAKMP_NEXT_P",
262 "ISAKMP_NEXT_T",
263 "ISAKMP_NEXT_KE",
264 "ISAKMP_NEXT_ID",
265 "ISAKMP_NEXT_CERT",
266 "ISAKMP_NEXT_CR",
267 "ISAKMP_NEXT_HASH",
268 "ISAKMP_NEXT_SIG",
269 "ISAKMP_NEXT_NONCE",
270 "ISAKMP_NEXT_N",
271 "ISAKMP_NEXT_D",
272 "ISAKMP_NEXT_VID",
273 "ISAKMP_NEXT_MODECFG",
274 "ISAKMP_NEXT_15",
275 "ISAKMP_NEXT_16",
276 "ISAKMP_NEXT_17",
277 "ISAKMP_NEXT_18",
278 "ISAKMP_NEXT_19",
279 "ISAKMP_NEXT_NAT-D",
280 "ISAKMP_NEXT_NAT-OA",
281 NULL
282 };
283
284 const char *const payload_name_nat_d[] = {
285 "ISAKMP_NEXT_NAT-D",
286 "ISAKMP_NEXT_NAT-OA", NULL
287 };
288
289 static enum_names payload_names_nat_d =
290 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
291
292 enum_names payload_names =
293 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
294
295 /* Exchange types (note: two discontinuous ranges) */
296
297 static const char *const exchange_name[] = {
298 "ISAKMP_XCHG_NONE",
299 "ISAKMP_XCHG_BASE",
300 "ISAKMP_XCHG_IDPROT",
301 "ISAKMP_XCHG_AO",
302 "ISAKMP_XCHG_AGGR",
303 "ISAKMP_XCHG_INFO",
304 "ISAKMP_XCHG_MODE_CFG",
305 };
306
307 static const char *const exchange_name2[] = {
308 "ISAKMP_XCHG_QUICK",
309 "ISAKMP_XCHG_NGRP",
310 "ISAKMP_XCHG_ACK_INFO",
311 };
312
313 static enum_names exchange_desc2 =
314 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
315
316 enum_names exchange_names =
317 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
318
319 /* Flag BITS */
320 const char *const flag_bit_names[] = {
321 "ISAKMP_FLAG_ENCRYPTION",
322 "ISAKMP_FLAG_COMMIT",
323 NULL
324 };
325
326 /* Situation BITS definition for IPsec DOI */
327
328 const char *const sit_bit_names[] = {
329 "SIT_IDENTITY_ONLY",
330 "SIT_SECRECY",
331 "SIT_INTEGRITY",
332 NULL
333 };
334
335 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
336
337 static const char *const protocol_name[] = {
338 "PROTO_ISAKMP",
339 "PROTO_IPSEC_AH",
340 "PROTO_IPSEC_ESP",
341 "PROTO_IPCOMP",
342 };
343
344 enum_names protocol_names =
345 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
346
347 /* IPsec ISAKMP transform values */
348
349 static const char *const isakmp_transform_name[] = {
350 "KEY_IKE",
351 };
352
353 enum_names isakmp_transformid_names =
354 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
355
356 /* IPsec AH transform values */
357
358 static const char *const ah_transform_name[] = {
359 "HMAC_MD5",
360 "HMAC_SHA1",
361 "DES_MAC",
362 "HMAC_SHA2_256",
363 "HMAC_SHA2_384",
364 "HMAC_SHA2_512",
365 "HMAC_RIPEMD",
366 "AES_XCBC_96",
367 "SIG_RSA"
368 };
369
370 enum_names ah_transformid_names =
371 { AH_MD5, AH_RSA, ah_transform_name, NULL };
372
373 /* IPsec ESP transform values */
374
375 static const char *const esp_transform_name[] = {
376 "DES_IV64",
377 "DES_CBC",
378 "3DES_CBC",
379 "RC5_CBC",
380 "IDEA_CBC",
381 "CAST_CBC",
382 "BLOWFISH_CBC",
383 "3IDEA",
384 "DES_IV32",
385 "RC4",
386 "NULL",
387 "AES_CBC",
388 "AES_CTR",
389 "AES_CCM_8",
390 "AES_CCM_12",
391 "AES_CCM_16",
392 "UNASSIGNED_17",
393 "AES_GCM_8",
394 "AES_GCM_12",
395 "AES_GCM_16",
396 "SEED_CBC",
397 "CAMELLIA_CBC"
398 };
399
400 static const char *const esp_transform_name_high[] = {
401 "SERPENT_CBC",
402 "TWOFISH_CBC"
403 };
404
405 enum_names esp_transformid_names_high =
406 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
407
408 enum_names esp_transformid_names =
409 { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
410
411 /* IPCOMP transform values */
412
413 static const char *const ipcomp_transform_name[] = {
414 "IPCOMP_OUI",
415 "IPCOMP_DEFLAT",
416 "IPCOMP_LZS",
417 "IPCOMP_LZJH",
418 };
419
420 enum_names ipcomp_transformid_names =
421 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
422
423 /* Identification type values */
424
425 static const char *const ident_name[] = {
426 "ID_IPV4_ADDR",
427 "ID_FQDN",
428 "ID_USER_FQDN",
429 "ID_IPV4_ADDR_SUBNET",
430 "ID_IPV6_ADDR",
431 "ID_IPV6_ADDR_SUBNET",
432 "ID_IPV4_ADDR_RANGE",
433 "ID_IPV6_ADDR_RANGE",
434 "ID_DER_ASN1_DN",
435 "ID_DER_ASN1_GN",
436 "ID_KEY_ID",
437 };
438
439 enum_names ident_names =
440 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
441
442 /* Certificate type values */
443
444 static const char *const cert_type_name[] = {
445 "CERT_NONE",
446 "CERT_PKCS7_WRAPPED_X509",
447 "CERT_PGP",
448 "CERT_DNS_SIGNED_KEY",
449 "CERT_X509_SIGNATURE",
450 "CERT_X509_KEY_EXCHANGE",
451 "CERT_KERBEROS_TOKENS",
452 "CERT_CRL",
453 "CERT_ARL",
454 "CERT_SPKI",
455 "CERT_X509_ATTRIBUTE",
456 };
457
458 enum_names cert_type_names =
459 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
460
461 /* Certificate policy names */
462
463 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
464 "ALWAYS_SEND",
465 "SEND_IF_ASKED",
466 "NEVER_SEND",
467 );
468
469 /* Goal BITs for establishing an SA
470 * Note: we drop the POLICY_ prefix so that logs are more concise.
471 */
472
473 const char *const sa_policy_bit_names[] = {
474 "PSK",
475 "PUBKEY",
476 "ENCRYPT",
477 "AUTHENTICATE",
478 "COMPRESS",
479 "TUNNEL",
480 "PFS",
481 "DISABLEARRIVALCHECK",
482 "SHUNT0",
483 "SHUNT1",
484 "FAILSHUNT0",
485 "FAILSHUNT1",
486 "DONTREKEY",
487 "OPPORTUNISTIC",
488 "GROUP",
489 "GROUTED",
490 "UP",
491 "MODECFGPUSH",
492 "XAUTHPSK",
493 "XAUTHRSASIG",
494 "XAUTHSERVER",
495 "DONTREAUTH",
496 "BEET",
497 "MOBIKE",
498 "PROXY",
499 NULL
500 };
501
502 const char *const policy_shunt_names[4] = {
503 "TRAP",
504 "PASS",
505 "DROP",
506 "REJECT",
507 };
508
509 const char *const policy_fail_names[4] = {
510 "NONE",
511 "PASS",
512 "DROP",
513 "REJECT",
514 };
515
516 /* Oakley transform attributes
517 * oakley_attr_bit_names does double duty: it is used for enum names
518 * and bit names.
519 */
520
521 const char *const oakley_attr_bit_names[] = {
522 "OAKLEY_ENCRYPTION_ALGORITHM",
523 "OAKLEY_HASH_ALGORITHM",
524 "OAKLEY_AUTHENTICATION_METHOD",
525 "OAKLEY_GROUP_DESCRIPTION",
526 "OAKLEY_GROUP_TYPE",
527 "OAKLEY_GROUP_PRIME",
528 "OAKLEY_GROUP_GENERATOR_ONE",
529 "OAKLEY_GROUP_GENERATOR_TWO",
530 "OAKLEY_GROUP_CURVE_A",
531 "OAKLEY_GROUP_CURVE_B",
532 "OAKLEY_LIFE_TYPE",
533 "OAKLEY_LIFE_DURATION",
534 "OAKLEY_PRF",
535 "OAKLEY_KEY_LENGTH",
536 "OAKLEY_FIELD_SIZE",
537 "OAKLEY_GROUP_ORDER",
538 "OAKLEY_BLOCK_SIZE",
539 NULL
540 };
541
542 static const char *const oakley_var_attr_name[] = {
543 "OAKLEY_GROUP_PRIME (variable length)",
544 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
545 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
546 "OAKLEY_GROUP_CURVE_A (variable length)",
547 "OAKLEY_GROUP_CURVE_B (variable length)",
548 NULL,
549 "OAKLEY_LIFE_DURATION (variable length)",
550 NULL,
551 NULL,
552 NULL,
553 "OAKLEY_GROUP_ORDER (variable length)",
554 };
555
556 static enum_names oakley_attr_desc_tv = {
557 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
558 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
559
560 enum_names oakley_attr_names = {
561 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
562 oakley_var_attr_name, &oakley_attr_desc_tv };
563
564 /* for each Oakley attribute, which enum_names describes its values? */
565 enum_names *oakley_attr_val_descs[] = {
566 NULL, /* (none) */
567 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
568 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
569 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
570 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
571 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
572 NULL, /* OAKLEY_GROUP_PRIME */
573 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
574 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
575 NULL, /* OAKLEY_GROUP_CURVE_A */
576 NULL, /* OAKLEY_GROUP_CURVE_B */
577 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
578 NULL, /* OAKLEY_LIFE_DURATION */
579 &oakley_prf_names, /* OAKLEY_PRF */
580 NULL, /* OAKLEY_KEY_LENGTH */
581 NULL, /* OAKLEY_FIELD_SIZE */
582 NULL, /* OAKLEY_GROUP_ORDER */
583 };
584
585 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
586
587 static const char *const ipsec_attr_name[] = {
588 "SA_LIFE_TYPE",
589 "SA_LIFE_DURATION",
590 "GROUP_DESCRIPTION",
591 "ENCAPSULATION_MODE",
592 "AUTH_ALGORITHM",
593 "KEY_LENGTH",
594 "KEY_ROUNDS",
595 "COMPRESS_DICT_SIZE",
596 "COMPRESS_PRIVATE_ALG",
597 };
598
599 static const char *const ipsec_var_attr_name[] = {
600 "SA_LIFE_DURATION (variable length)",
601 NULL,
602 NULL,
603 NULL,
604 NULL,
605 NULL,
606 NULL,
607 "COMPRESS_PRIVATE_ALG (variable length)",
608 };
609
610 static enum_names ipsec_attr_desc_tv = {
611 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
612 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
613 ipsec_attr_name, NULL };
614
615 enum_names ipsec_attr_names = {
616 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
617 ipsec_var_attr_name, &ipsec_attr_desc_tv };
618
619 /* for each IPsec attribute, which enum_names describes its values? */
620 enum_names *ipsec_attr_val_descs[] = {
621 NULL, /* (none) */
622 &sa_lifetime_names, /* SA_LIFE_TYPE */
623 NULL, /* SA_LIFE_DURATION */
624 &oakley_group_names, /* GROUP_DESCRIPTION */
625 &enc_mode_names, /* ENCAPSULATION_MODE */
626 &auth_alg_names, /* AUTH_ALGORITHM */
627 NULL, /* KEY_LENGTH */
628 NULL, /* KEY_ROUNDS */
629 NULL, /* COMPRESS_DICT_SIZE */
630 NULL, /* COMPRESS_PRIVATE_ALG */
631 };
632
633 /* SA Lifetime Type attribute */
634
635 static const char *const sa_lifetime_name[] = {
636 "SA_LIFE_TYPE_SECONDS",
637 "SA_LIFE_TYPE_KBYTES",
638 };
639
640 enum_names sa_lifetime_names =
641 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
642
643 /* Encapsulation Mode attribute */
644
645 static const char *const enc_mode_name[] = {
646 "ENCAPSULATION_MODE_TUNNEL",
647 "ENCAPSULATION_MODE_TRANSPORT",
648 "ENCAPSULATION_MODE_UDP_TUNNEL",
649 "ENCAPSULATION_MODE_UDP_TRANSPORT",
650 };
651
652 static const char *const enc_udp_mode_name[] = {
653 "ENCAPSULATION_MODE_UDP_TUNNEL",
654 "ENCAPSULATION_MODE_UDP_TRANSPORT",
655 };
656
657 static enum_names enc_udp_mode_names =
658 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
659
660 enum_names enc_mode_names =
661 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
662
663 /* Auth Algorithm attribute */
664
665 static const char *const auth_alg_name[] = {
666 "AUTH_NONE",
667 "HMAC_MD5",
668 "HMAC_SHA1",
669 "DES_MAC",
670 "KPDK",
671 "HMAC_SHA2_256",
672 "HMAC_SHA2_384",
673 "HMAC_SHA2_512",
674 "HMAC_RIPEMD",
675 "AES_XCBC_96",
676 "SIG_RSA"
677 };
678
679 static const char *const extended_auth_alg_name[] = {
680 "NULL"
681 };
682
683 enum_names extended_auth_alg_names =
684 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
685
686 enum_names auth_alg_names =
687 { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
688 , &extended_auth_alg_names };
689
690 /* From draft-beaulieu-ike-xauth */
691 static const char *const xauth_type_name[] = {
692 "Generic",
693 "RADIUS-CHAP",
694 "OTP",
695 "S/KEY",
696 };
697
698 enum_names xauth_type_names =
699 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
700
701 /* From draft-beaulieu-ike-xauth */
702 static const char *const xauth_attr_tv_name[] = {
703 "XAUTH_TYPE",
704 NULL,
705 NULL,
706 NULL,
707 NULL,
708 NULL,
709 NULL,
710 "XAUTH_STATUS",
711 };
712
713 enum_names xauth_attr_tv_names = {
714 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
715 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
716
717 static const char *const unity_attr_name[] = {
718 "UNITY_BANNER",
719 "UNITY_SAVE_PASSWD",
720 "UNITY_DEF_DOMAIN",
721 "UNITY_SPLITDNS_NAME",
722 "UNITY_SPLIT_INCLUDE",
723 "UNITY_NATT_PORT",
724 "UNITY_LOCAL_LAN",
725 "UNITY_PFS",
726 "UNITY_FW_TYPE",
727 "UNITY_BACKUP_SERVERS",
728 "UNITY_DDNS_HOSTNAME",
729 };
730
731 enum_names unity_attr_names =
732 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
733
734 static const char *const microsoft_attr_name[] = {
735 "INTERNAL_IP4_SERVER",
736 "INTERNAL_IP6_SERVER",
737 };
738
739 enum_names microsoft_attr_names =
740 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
741
742 static const char *const xauth_attr_name[] = {
743 "XAUTH_USER_NAME",
744 "XAUTH_USER_PASSWORD",
745 "XAUTH_PASSCODE",
746 "XAUTH_MESSAGE",
747 "XAUTH_CHALLENGE",
748 "XAUTH_DOMAIN",
749 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
750 "XAUTH_NEXT_PIN",
751 "XAUTH_ANSWER",
752 };
753
754 enum_names xauth_attr_names =
755 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
756
757 static const char *const modecfg_attr_name[] = {
758 "INTERNAL_IP4_ADDRESS",
759 "INTERNAL_IP4_NETMASK",
760 "INTERNAL_IP4_DNS",
761 "INTERNAL_IP4_NBNS",
762 "INTERNAL_ADDRESS_EXPIRY",
763 "INTERNAL_IP4_DHCP",
764 "APPLICATION_VERSION",
765 "INTERNAL_IP6_ADDRESS",
766 "INTERNAL_IP6_NETMASK",
767 "INTERNAL_IP6_DNS",
768 "INTERNAL_IP6_NBNS",
769 "INTERNAL_IP6_DHCP",
770 "INTERNAL_IP4_SUBNET",
771 "SUPPORTED_ATTRIBUTES",
772 "INTERNAL_IP6_SUBNET",
773 };
774
775 enum_names modecfg_attr_names =
776 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
777
778 /* Oakley Lifetime Type attribute */
779
780 static const char *const oakley_lifetime_name[] = {
781 "OAKLEY_LIFE_SECONDS",
782 "OAKLEY_LIFE_KILOBYTES",
783 };
784
785 enum_names oakley_lifetime_names =
786 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
787
788 /* Oakley PRF attribute (none defined) */
789
790 enum_names oakley_prf_names =
791 { 1, 0, NULL, NULL };
792
793 /* Oakley Encryption Algorithm attribute */
794
795 static const char *const oakley_enc_name[] = {
796 "DES_CBC",
797 "IDEA_CBC",
798 "BLOWFISH_CBC",
799 "RC5_R16_B64_CBC",
800 "3DES_CBC",
801 "CAST_CBC",
802 "AES_CBC",
803 "CAMELLIA_CBC"
804 };
805
806 #ifdef NO_EXTRA_IKE
807 enum_names oakley_enc_names =
808 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
809 #else
810 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
811 "MARS_CBC" /* 65001 */,
812 "RC6_CBC" /* 65002 */,
813 "ID_65003" /* 65003 */,
814 "SERPENT_CBC" /* 65004 */,
815 "TWOFISH_CBC" /* 65005 */,
816 };
817
818 static const char *const oakley_enc_name_ssh[] = {
819 "TWOFISH_CBC_SSH",
820 };
821
822 enum_names oakley_enc_names_ssh =
823 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
824 , NULL };
825
826 enum_names oakley_enc_names_draft_aes_cbc_02 =
827 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
828 , &oakley_enc_names_ssh };
829
830 enum_names oakley_enc_names =
831 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
832 , &oakley_enc_names_draft_aes_cbc_02 };
833 #endif
834
835 /* Oakley Hash Algorithm attribute */
836
837 static const char *const oakley_hash_name[] = {
838 "HMAC_MD5",
839 "HMAC_SHA1",
840 "HMAC_TIGER",
841 "HMAC_SHA2_256",
842 "HMAC_SHA2_384",
843 "HMAC_SHA2_512",
844 };
845
846 enum_names oakley_hash_names =
847 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
848
849 /* Oakley Authentication Method attribute */
850
851 static const char *const oakley_auth_name1[] = {
852 "pre-shared key",
853 "DSS signature",
854 "RSA signature",
855 "RSA encryption",
856 "RSA encryption revised",
857 "ElGamal encryption",
858 "ELGamal encryption revised",
859 "ECDSA signature",
860 "ECDSA-256 signature",
861 "ECDSA-384 signature",
862 "ECDSA-521-signature",
863 };
864
865 static const char *const oakley_auth_name2[] = {
866 "HybridInitRSA",
867 "HybridRespRSA",
868 "HybridInitDSS",
869 "HybridRespDSS",
870 };
871
872 static const char *const oakley_auth_name3[] = {
873 "XAUTHInitPreShared",
874 "XAUTHRespPreShared",
875 "XAUTHInitDSS",
876 "XAUTHRespDSS",
877 "XAUTHInitRSA",
878 "XAUTHRespRSA",
879 "XAUTHInitRSAEncryption",
880 "XAUTHRespRSAEncryption",
881 "XAUTHInitRSARevisedEncryption",
882 "XAUTHRespRSARevisedEncryption",
883 };
884
885 static enum_names oakley_auth_names1 =
886 { OAKLEY_PRESHARED_KEY, OAKLEY_ECDSA_521
887 , oakley_auth_name1, NULL };
888
889 static enum_names oakley_auth_names2 =
890 { HybridInitRSA, HybridRespDSS
891 , oakley_auth_name2, &oakley_auth_names1 };
892
893 enum_names oakley_auth_names =
894 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
895 , oakley_auth_name3, &oakley_auth_names2 };
896
897 /* Oakley Group Description attribute */
898
899 static const char *const oakley_group_name[] = {
900 "MODP_768",
901 "MODP_1024",
902 "GP_155",
903 "GP_185",
904 "MODP_1536",
905 };
906
907 static const char *const oakley_group_name_rfc3526[] = {
908 "MODP_2048",
909 "MODP_3072",
910 "MODP_4096",
911 "MODP_6144",
912 "MODP_8192"
913 };
914
915 static const char *const oakley_group_name_rfc4753[] = {
916 "ECP_256",
917 "ECP_384",
918 "ECP_521"
919 };
920
921 static const char *const oakley_group_name_rfc5114[] = {
922 "ECP_192",
923 "ECP_224"
924 };
925
926 enum_names oakley_group_names_rfc5114 =
927 { ECP_192_BIT, ECP_224_BIT,
928 oakley_group_name_rfc5114, NULL };
929
930 enum_names oakley_group_names_rfc4753 =
931 { ECP_256_BIT, ECP_521_BIT,
932 oakley_group_name_rfc4753, &oakley_group_names_rfc5114 };
933
934 enum_names oakley_group_names_rfc3526 =
935 { MODP_2048_BIT, MODP_8192_BIT,
936 oakley_group_name_rfc3526, &oakley_group_names_rfc4753 };
937
938 enum_names oakley_group_names =
939 { MODP_768_BIT, MODP_1536_BIT,
940 oakley_group_name, &oakley_group_names_rfc3526 };
941
942 /* Oakley Group Type attribute */
943
944 static const char *const oakley_group_type_name[] = {
945 "OAKLEY_GROUP_TYPE_MODP",
946 "OAKLEY_GROUP_TYPE_ECP",
947 "OAKLEY_GROUP_TYPE_EC2N",
948 };
949
950 enum_names oakley_group_type_names =
951 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
952
953 /* Notify messages -- error types */
954
955 static const char *const notification_name[] = {
956 "INVALID_PAYLOAD_TYPE",
957 "DOI_NOT_SUPPORTED",
958 "SITUATION_NOT_SUPPORTED",
959 "INVALID_COOKIE",
960 "INVALID_MAJOR_VERSION",
961 "INVALID_MINOR_VERSION",
962 "INVALID_EXCHANGE_TYPE",
963 "INVALID_FLAGS",
964 "INVALID_MESSAGE_ID",
965 "INVALID_PROTOCOL_ID",
966 "INVALID_SPI",
967 "INVALID_TRANSFORM_ID",
968 "ATTRIBUTES_NOT_SUPPORTED",
969 "NO_PROPOSAL_CHOSEN",
970 "BAD_PROPOSAL_SYNTAX",
971 "PAYLOAD_MALFORMED",
972 "INVALID_KEY_INFORMATION",
973 "INVALID_ID_INFORMATION",
974 "INVALID_CERT_ENCODING",
975 "INVALID_CERTIFICATE",
976 "CERT_TYPE_UNSUPPORTED",
977 "INVALID_CERT_AUTHORITY",
978 "INVALID_HASH_INFORMATION",
979 "AUTHENTICATION_FAILED",
980 "INVALID_SIGNATURE",
981 "ADDRESS_NOTIFICATION",
982 "NOTIFY_SA_LIFETIME",
983 "CERTIFICATE_UNAVAILABLE",
984 "UNSUPPORTED_EXCHANGE_TYPE",
985 "UNEQUAL_PAYLOAD_LENGTHS",
986 };
987
988 static const char *const notification_status_name[] = {
989 "CONNECTED",
990 };
991
992 static const char *const ipsec_notification_name[] = {
993 "IPSEC_RESPONDER_LIFETIME",
994 "IPSEC_REPLAY_STATUS",
995 "IPSEC_INITIAL_CONTACT",
996 };
997
998 static const char *const notification_dpd_name[] = {
999 "R_U_THERE",
1000 "R_U_THERE_ACK",
1001 };
1002
1003 enum_names notification_dpd_names =
1004 { R_U_THERE, R_U_THERE_ACK,
1005 notification_dpd_name, NULL };
1006
1007 enum_names ipsec_notification_names =
1008 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
1009 ipsec_notification_name, &notification_dpd_names };
1010
1011 enum_names notification_status_names =
1012 { CONNECTED, CONNECTED,
1013 notification_status_name, &ipsec_notification_names };
1014
1015 enum_names notification_names =
1016 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
1017 notification_name, &notification_status_names };
1018
1019 /* MODECFG
1020 * From draft-dukes-ike-mode-cfg
1021 */
1022 const char *const attr_msg_type_name[] = {
1023 "ISAKMP_CFG_RESERVED",
1024 "ISAKMP_CFG_REQUEST",
1025 "ISAKMP_CFG_REPLY",
1026 "ISAKMP_CFG_SET",
1027 "ISAKMP_CFG_ACK",
1028 NULL
1029 };
1030
1031 enum_names attr_msg_type_names =
1032 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1033
1034 /* socket address family info */
1035
1036 static const char *const af_inet_name[] = {
1037 "AF_INET",
1038 };
1039
1040 static const char *const af_inet6_name[] = {
1041 "AF_INET6",
1042 };
1043
1044 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1045
1046 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1047
1048 static ip_address ipv4_any, ipv6_any;
1049 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1050 static ip_subnet ipv4_all, ipv6_all;
1051
1052 const struct af_info af_inet4_info = {
1053 AF_INET,
1054 "AF_INET",
1055 sizeof(struct in_addr),
1056 sizeof(struct sockaddr_in),
1057 32,
1058 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1059 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1060 };
1061
1062 const struct af_info af_inet6_info = {
1063 AF_INET6,
1064 "AF_INET6",
1065 sizeof(struct in6_addr),
1066 sizeof(struct sockaddr_in6),
1067 128,
1068 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1069 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1070 };
1071
1072 const struct af_info *
1073 aftoinfo(int af)
1074 {
1075 switch (af)
1076 {
1077 case AF_INET:
1078 return &af_inet4_info;
1079 case AF_INET6:
1080 return &af_inet6_info;
1081 default:
1082 return NULL;
1083 }
1084 }
1085
1086 bool subnetisnone(const ip_subnet *sn)
1087 {
1088 ip_address base;
1089
1090 networkof(sn, &base);
1091 return isanyaddr(&base) && subnetishost(sn);
1092 }
1093
1094 /* BIND enumerated types */
1095
1096 #include <arpa/nameser.h>
1097
1098 static const char *const rr_type_name[] = {
1099 "T_A", /* 1 host address */
1100 "T_NS", /* 2 authoritative server */
1101 "T_MD", /* 3 mail destination */
1102 "T_MF", /* 4 mail forwarder */
1103 "T_CNAME", /* 5 canonical name */
1104 "T_SOA", /* 6 start of authority zone */
1105 "T_MB", /* 7 mailbox domain name */
1106 "T_MG", /* 8 mail group member */
1107 "T_MR", /* 9 mail rename name */
1108 "T_NULL", /* 10 null resource record */
1109 "T_WKS", /* 11 well known service */
1110 "T_PTR", /* 12 domain name pointer */
1111 "T_HINFO", /* 13 host information */
1112 "T_MINFO", /* 14 mailbox information */
1113 "T_MX", /* 15 mail routing information */
1114 "T_TXT", /* 16 text strings */
1115 "T_RP", /* 17 responsible person */
1116 "T_AFSDB", /* 18 AFS cell database */
1117 "T_X25", /* 19 X_25 calling address */
1118 "T_ISDN", /* 20 ISDN calling address */
1119 "T_RT", /* 21 router */
1120 "T_NSAP", /* 22 NSAP address */
1121 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1122 "T_SIG", /* 24 security signature */
1123 "T_KEY", /* 25 security key */
1124 "T_PX", /* 26 X.400 mail mapping */
1125 "T_GPOS", /* 27 geographical position (withdrawn) */
1126 "T_AAAA", /* 28 IP6 Address */
1127 "T_LOC", /* 29 Location Information */
1128 "T_NXT", /* 30 Next Valid Name in Zone */
1129 "T_EID", /* 31 Endpoint identifier */
1130 "T_NIMLOC", /* 32 Nimrod locator */
1131 "T_SRV", /* 33 Server selection */
1132 "T_ATMA", /* 34 ATM Address */
1133 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1134 NULL
1135 };
1136
1137 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1138
1139 /* Query type values which do not appear in resource records */
1140 static const char *const rr_qtype_name[] = {
1141 "T_IXFR", /* 251 incremental zone transfer */
1142 "T_AXFR", /* 252 transfer zone of authority */
1143 "T_MAILB", /* 253 transfer mailbox records */
1144 "T_MAILA", /* 254 transfer mail agent records */
1145 "T_ANY", /* 255 wildcard match */
1146 NULL
1147 };
1148
1149 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1150
1151 static const char *const rr_class_name[] = {
1152 "C_IN", /* 1 the arpa internet */
1153 NULL
1154 };
1155
1156 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1157
1158 /*
1159 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1160 *
1161 */
1162 const char *const natt_type_bitnames[] = {
1163 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1164 "draft-ietf-ipsec-nat-t-ike-02/03",
1165 "RFC 3947",
1166 "3", /* 3 */
1167 "4", "5", "6", "7",
1168 "8", "9", "10", "11",
1169 "12", "13", "14", "15",
1170 "16", "17", "18", "19",
1171 "20", "21", "22", "23",
1172 "24", "25", "26", "27",
1173 "28", "29",
1174 "nat is behind me",
1175 "nat is behind peer"
1176 };
1177
1178 /* look up enum names in an enum_names */
1179
1180 const char* enum_name(enum_names *ed, unsigned long val)
1181 {
1182 enum_names *p;
1183
1184 for (p = ed; p != NULL; p = p->en_next_range)
1185 {
1186 if (p->en_first <= val && val <= p->en_last)
1187 return p->en_names[val - p->en_first];
1188 }
1189 return NULL;
1190 }
1191
1192 /* find or construct a string to describe an enum value
1193 * Result may be in STATIC buffer!
1194 */
1195 const char *
1196 enum_show(enum_names *ed, unsigned long val)
1197 {
1198 const char *p = enum_name(ed, val);
1199
1200 if (p == NULL)
1201 {
1202 static char buf[12]; /* only one! I hope that it is big enough */
1203
1204 snprintf(buf, sizeof(buf), "%lu??", val);
1205 p = buf;
1206 }
1207 return p;
1208 }
1209
1210
1211 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1212
1213 int
1214 enum_search(enum_names *ed, const char *str)
1215 {
1216 enum_names *p;
1217 const char *ptr;
1218 unsigned en;
1219
1220 for (p = ed; p != NULL; p = p->en_next_range)
1221 {
1222 for (en = p->en_first; en <= p->en_last ;en++)
1223 {
1224 ptr = p->en_names[en - p->en_first];
1225 if (ptr == 0)
1226 {
1227 continue;
1228 }
1229 if (streq(ptr, str))
1230 {
1231 return en;
1232 }
1233 }
1234 }
1235 return -1;
1236 }
1237
1238 /* construct a string to name the bits on in a set
1239 * Result may be in STATIC buffer!
1240 * Note: prettypolicy depends on internal details.
1241 */
1242 const char* bitnamesof(const char *const table[], lset_t val)
1243 {
1244 char *p = bitnamesbuf;
1245 lset_t bit;
1246 const char *const *tp;
1247
1248 if (val == 0)
1249 return "none";
1250
1251 for (tp = table, bit = 01; val != 0; bit <<= 1)
1252 {
1253 if (val & bit)
1254 {
1255 const char *n = *tp;
1256 size_t nl;
1257
1258 if (n == NULL || *n == '\0')
1259 {
1260 /* no name for this bit, so use hex */
1261 static char flagbuf[sizeof("0x80000000")];
1262
1263 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1264 n = flagbuf;
1265 }
1266
1267 nl = strlen(n);
1268
1269 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1270 *p++ = '+';
1271
1272 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1273 {
1274 strcpy(p, n);
1275 p += nl;
1276 }
1277 val -= bit;
1278 }
1279 if (*tp != NULL)
1280 tp++; /* move on, but not past end */
1281 }
1282 *p = '\0';
1283 return bitnamesbuf;
1284 }
1285
1286 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1287 * Suppress the shunt and fail fields if 0.
1288 */
1289 const char* prettypolicy(lset_t policy)
1290 {
1291 const char *bn = bitnamesof(sa_policy_bit_names
1292 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1293 size_t len;
1294 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1295 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1296
1297 if (bn != bitnamesbuf)
1298 bitnamesbuf[0] = '\0';
1299 len = strlen(bitnamesbuf);
1300 if (shunt != 0)
1301 {
1302 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1303 , policy_shunt_names[shunt]);
1304 len += strlen(bitnamesbuf + len);
1305 }
1306 if (fail != 0)
1307 {
1308 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1309 , policy_fail_names[fail]);
1310 len += strlen(bitnamesbuf + len);
1311 }
1312 if (NEVER_NEGOTIATE(policy))
1313 {
1314 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1315 len += strlen(bitnamesbuf + len);
1316 }
1317 return bitnamesbuf;
1318 }
1319
1320 /* test a set by seeing if all bits have names */
1321
1322 bool testset(const char *const table[], lset_t val)
1323 {
1324 lset_t bit;
1325 const char *const *tp;
1326
1327 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1328 {
1329 const char *n = *tp;
1330
1331 if (n == NULL || ((val & bit) && *n == '\0'))
1332 return FALSE;
1333 val &= ~bit;
1334 }
1335 return TRUE;
1336 }
1337
1338
1339 const char sparse_end[] = "end of sparse names";
1340
1341 /* look up enum names in a sparse_names */
1342 const char *sparse_name(sparse_names sd, unsigned long val)
1343 {
1344 const struct sparse_name *p;
1345
1346 for (p = sd; p->name != sparse_end; p++)
1347 if (p->val == val)
1348 return p->name;
1349 return NULL;
1350 }
1351
1352 /* find or construct a string to describe an sparse value
1353 * Result may be in STATIC buffer!
1354 */
1355 const char* sparse_val_show(sparse_names sd, unsigned long val)
1356 {
1357 const char *p = sparse_name(sd, val);
1358
1359 if (p == NULL)
1360 {
1361 static char buf[12]; /* only one! I hope that it is big enough */
1362
1363 snprintf(buf, sizeof(buf), "%lu??", val);
1364 p = buf;
1365 }
1366 return p;
1367 }
1368
1369 void init_constants(void)
1370 {
1371 happy(anyaddr(AF_INET, &ipv4_any));
1372 happy(anyaddr(AF_INET6, &ipv6_any));
1373
1374 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1375 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1376
1377 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1378 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1379 }
1380
1381 u_char secret_of_the_day[HASH_SIZE_SHA1];
1382
1383