ec7bfaf78d3b0ee58b278376e1ab8b37b210227d
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Note that the array sizes are all specified; this is to enable range
18 * checking by code that only includes constants.h.
19 */
20
21 #include <stddef.h>
22 #include <string.h>
23 #include <stdio.h>
24 #include <netinet/in.h>
25
26 #include <freeswan.h>
27
28 #include <attributes/attributes.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef SMARTCARD
42 " SMARTCARD"
43 #endif
44 #ifdef VENDORID
45 " VENDORID"
46 #endif
47 #ifdef CISCO_QUIRKS
48 " CISCO_QUIRKS"
49 #endif
50 #ifdef USE_KEYRR
51 " KEYRR"
52 #endif
53 ;
54
55 /* version */
56
57 static const char *const version_name[] = {
58 "ISAKMP Version 1.0",
59 };
60
61 enum_names version_names =
62 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
63 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
64 version_name, NULL };
65
66 /* RFC 3706 Dead Peer Detection */
67
68 ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
69 "none",
70 "clear",
71 "hold",
72 "restart"
73 );
74
75 /* Timer events */
76
77 ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
78 "EVENT_NULL",
79 "EVENT_REINIT_SECRET",
80 "EVENT_SO_DISCARD",
81 "EVENT_RETRANSMIT",
82 "EVENT_SA_REPLACE",
83 "EVENT_SA_REPLACE_IF_USED",
84 "EVENT_SA_EXPIRE",
85 "EVENT_NAT_T_KEEPALIVE",
86 "EVENT_DPD",
87 "EVENT_DPD_TIMEOUT",
88 "EVENT_LOG_DAILY"
89 );
90
91 /* Domain of Interpretation */
92
93 static const char *const doi_name[] = {
94 "ISAKMP_DOI_ISAKMP",
95 "ISAKMP_DOI_IPSEC",
96 };
97
98 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
99
100 /* debugging settings: a set of selections for reporting
101 * These would be more naturally situated in log.h,
102 * but they are shared with whack.
103 * It turns out that "debug-" is clutter in all contexts this is used,
104 * so we leave it off.
105 */
106 #ifdef DEBUG
107 const char *const debug_bit_names[] = {
108 "raw",
109 "crypt",
110 "parsing",
111 "emitting",
112 "control",
113 "lifecycle",
114 "kernel",
115 "dns",
116 "natt",
117 "oppo",
118 "controlmore",
119
120 "private",
121
122 "impair-delay-adns-key-answer",
123 "impair-delay-adns-txt-answer",
124 "impair-bust-mi2",
125 "impair-bust-mr2",
126
127 NULL
128 };
129 #endif
130
131 /* State of exchanges */
132
133 static const char *const state_name[] = {
134 "STATE_UNDEFINED",
135
136 "STATE_MAIN_R0",
137 "STATE_MAIN_I1",
138 "STATE_MAIN_R1",
139 "STATE_MAIN_I2",
140 "STATE_MAIN_R2",
141 "STATE_MAIN_I3",
142 "STATE_MAIN_R3",
143 "STATE_MAIN_I4",
144
145 "STATE_QUICK_R0",
146 "STATE_QUICK_I1",
147 "STATE_QUICK_R1",
148 "STATE_QUICK_I2",
149 "STATE_QUICK_R2",
150
151 "STATE_INFO",
152 "STATE_INFO_PROTECTED",
153
154 "STATE_XAUTH_I0",
155 "STATE_XAUTH_R1",
156 "STATE_XAUTH_I1",
157 "STATE_XAUTH_R2",
158 "STATE_XAUTH_I2",
159 "STATE_XAUTH_R3",
160
161 "STATE_MODE_CFG_R0",
162 "STATE_MODE_CFG_I1",
163 "STATE_MODE_CFG_R1",
164 "STATE_MODE_CFG_I2",
165
166 "STATE_MODE_CFG_I0",
167 "STATE_MODE_CFG_R3",
168 "STATE_MODE_CFG_I3",
169 "STATE_MODE_CFG_R4",
170
171 "STATE_IKE_ROOF"
172 };
173
174 enum_names state_names =
175 { STATE_UNDEFINED, STATE_IKE_ROOF-1, state_name, NULL };
176
177 /* story for state */
178
179 const char *const state_story[] = {
180 "undefined state after error", /* STATE_UNDEFINED */
181 "expecting MI1", /* STATE_MAIN_R0 */
182 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
183 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
184 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
185 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
186 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
187 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
188 "ISAKMP SA established", /* STATE_MAIN_I4 */
189
190 "expecting QI1", /* STATE_QUICK_R0 */
191 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
192 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
193 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
194 "IPsec SA established", /* STATE_QUICK_R2 */
195
196 "got Informational Message in clear", /* STATE_INFO */
197 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
198
199 "expecting XAUTH request", /* STATE_XAUTH_I0 */
200 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
201 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
202 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
203 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
204 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
205
206 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
207 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
208 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
209 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
210
211 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
212 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
213 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
214 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
215 };
216
217 /* kind of struct connection */
218
219 static const char *const connection_kind_name[] = {
220 "CK_GROUP", /* policy group: instantiates to template */
221 "CK_TEMPLATE", /* abstract connection, with wildcard */
222 "CK_PERMANENT", /* normal connection */
223 "CK_INSTANCE", /* instance of template, created for a particular attempt */
224 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
225 };
226
227 enum_names connection_kind_names =
228 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
229
230 /* routing status names */
231
232 static const char *const routing_story_strings[] = {
233 "unrouted", /* RT_UNROUTED: unrouted */
234 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
235 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
236 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
237 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
238 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
239 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
240 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
241 };
242
243 enum_names routing_story =
244 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
245
246 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
247
248 const char *const payload_name[] = {
249 "ISAKMP_NEXT_NONE",
250 "ISAKMP_NEXT_SA",
251 "ISAKMP_NEXT_P",
252 "ISAKMP_NEXT_T",
253 "ISAKMP_NEXT_KE",
254 "ISAKMP_NEXT_ID",
255 "ISAKMP_NEXT_CERT",
256 "ISAKMP_NEXT_CR",
257 "ISAKMP_NEXT_HASH",
258 "ISAKMP_NEXT_SIG",
259 "ISAKMP_NEXT_NONCE",
260 "ISAKMP_NEXT_N",
261 "ISAKMP_NEXT_D",
262 "ISAKMP_NEXT_VID",
263 "ISAKMP_NEXT_MODECFG",
264 "ISAKMP_NEXT_15",
265 "ISAKMP_NEXT_16",
266 "ISAKMP_NEXT_17",
267 "ISAKMP_NEXT_18",
268 "ISAKMP_NEXT_19",
269 "ISAKMP_NEXT_NAT-D",
270 "ISAKMP_NEXT_NAT-OA",
271 NULL
272 };
273
274 const char *const payload_name_nat_d[] = {
275 "ISAKMP_NEXT_NAT-D",
276 "ISAKMP_NEXT_NAT-OA", NULL
277 };
278
279 static enum_names payload_names_nat_d =
280 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
281
282 enum_names payload_names =
283 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
284
285 /* Exchange types (note: two discontinuous ranges) */
286
287 static const char *const exchange_name[] = {
288 "ISAKMP_XCHG_NONE",
289 "ISAKMP_XCHG_BASE",
290 "ISAKMP_XCHG_IDPROT",
291 "ISAKMP_XCHG_AO",
292 "ISAKMP_XCHG_AGGR",
293 "ISAKMP_XCHG_INFO",
294 "ISAKMP_XCHG_MODE_CFG",
295 };
296
297 static const char *const exchange_name2[] = {
298 "ISAKMP_XCHG_QUICK",
299 "ISAKMP_XCHG_NGRP",
300 "ISAKMP_XCHG_ACK_INFO",
301 };
302
303 static enum_names exchange_desc2 =
304 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
305
306 enum_names exchange_names =
307 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
308
309 /* Flag BITS */
310 const char *const flag_bit_names[] = {
311 "ISAKMP_FLAG_ENCRYPTION",
312 "ISAKMP_FLAG_COMMIT",
313 NULL
314 };
315
316 /* Situation BITS definition for IPsec DOI */
317
318 const char *const sit_bit_names[] = {
319 "SIT_IDENTITY_ONLY",
320 "SIT_SECRECY",
321 "SIT_INTEGRITY",
322 NULL
323 };
324
325 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
326
327 static const char *const protocol_name[] = {
328 "PROTO_ISAKMP",
329 "PROTO_IPSEC_AH",
330 "PROTO_IPSEC_ESP",
331 "PROTO_IPCOMP",
332 };
333
334 enum_names protocol_names =
335 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
336
337 /* IPsec ISAKMP transform values */
338
339 static const char *const isakmp_transform_name[] = {
340 "KEY_IKE",
341 };
342
343 enum_names isakmp_transformid_names =
344 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
345
346 /* IPsec AH transform values */
347
348 static const char *const ah_transform_name[] = {
349 "HMAC_MD5",
350 "HMAC_SHA1",
351 "DES_MAC",
352 "HMAC_SHA2_256",
353 "HMAC_SHA2_384",
354 "HMAC_SHA2_512",
355 "HMAC_RIPEMD",
356 "AES_XCBC_96",
357 "SIG_RSA",
358 "AES_128_GMAC",
359 "AES_192_GMAC",
360 "AES_256_GMAC"
361 };
362
363 static const char *const ah_transform_name_high[] = {
364 "HMAC_SHA2_256_96"
365 };
366
367 enum_names ah_transform_names_high =
368 { AH_SHA2_256_96, AH_SHA2_256_96, ah_transform_name_high, NULL };
369
370 enum_names ah_transform_names =
371 { AH_MD5, AH_AES_256_GMAC, ah_transform_name, &ah_transform_names_high };
372
373 /* IPsec ESP transform values */
374
375 static const char *const esp_transform_name[] = {
376 "DES_IV64",
377 "DES_CBC",
378 "3DES_CBC",
379 "RC5_CBC",
380 "IDEA_CBC",
381 "CAST_CBC",
382 "BLOWFISH_CBC",
383 "3IDEA",
384 "DES_IV32",
385 "RC4",
386 "NULL",
387 "AES_CBC",
388 "AES_CTR",
389 "AES_CCM_8",
390 "AES_CCM_12",
391 "AES_CCM_16",
392 "UNASSIGNED_17",
393 "AES_GCM_8",
394 "AES_GCM_12",
395 "AES_GCM_16",
396 "SEED_CBC",
397 "CAMELLIA_CBC",
398 "AES_GMAC"
399 };
400
401 static const char *const esp_transform_name_high[] = {
402 "SERPENT_CBC",
403 "TWOFISH_CBC"
404 };
405
406 enum_names esp_transform_names_high =
407 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
408
409 enum_names esp_transform_names =
410 { ESP_DES_IV64, ESP_AES_GMAC, esp_transform_name, &esp_transform_names_high };
411
412 /* IPCOMP transform values */
413
414 static const char *const ipcomp_transform_name[] = {
415 "IPCOMP_OUI",
416 "IPCOMP_DEFLATE",
417 "IPCOMP_LZS",
418 "IPCOMP_LZJH",
419 };
420
421 enum_names ipcomp_transformid_names =
422 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
423
424 /* Identification type values */
425
426 static const char *const ident_name[] = {
427 "ID_IPV4_ADDR",
428 "ID_FQDN",
429 "ID_USER_FQDN",
430 "ID_IPV4_ADDR_SUBNET",
431 "ID_IPV6_ADDR",
432 "ID_IPV6_ADDR_SUBNET",
433 "ID_IPV4_ADDR_RANGE",
434 "ID_IPV6_ADDR_RANGE",
435 "ID_DER_ASN1_DN",
436 "ID_DER_ASN1_GN",
437 "ID_KEY_ID",
438 };
439
440 enum_names ident_names =
441 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
442
443 /* Certificate type values */
444
445 static const char *const cert_type_name[] = {
446 "CERT_NONE",
447 "CERT_PKCS7_WRAPPED_X509",
448 "CERT_PGP",
449 "CERT_DNS_SIGNED_KEY",
450 "CERT_X509_SIGNATURE",
451 "CERT_X509_KEY_EXCHANGE",
452 "CERT_KERBEROS_TOKENS",
453 "CERT_CRL",
454 "CERT_ARL",
455 "CERT_SPKI",
456 "CERT_X509_ATTRIBUTE",
457 };
458
459 enum_names cert_type_names =
460 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
461
462 /* Certificate policy names */
463
464 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
465 "ALWAYS_SEND",
466 "SEND_IF_ASKED",
467 "NEVER_SEND",
468 );
469
470 /* Goal BITs for establishing an SA
471 * Note: we drop the POLICY_ prefix so that logs are more concise.
472 */
473
474 const char *const sa_policy_bit_names[] = {
475 "PSK",
476 "PUBKEY",
477 "ENCRYPT",
478 "AUTHENTICATE",
479 "COMPRESS",
480 "TUNNEL",
481 "PFS",
482 "DISABLEARRIVALCHECK",
483 "SHUNT0",
484 "SHUNT1",
485 "FAILSHUNT0",
486 "FAILSHUNT1",
487 "DONTREKEY",
488 "OPPORTUNISTIC",
489 "GROUP",
490 "GROUTED",
491 "UP",
492 "MODECFGPUSH",
493 "XAUTHPSK",
494 "XAUTHRSASIG",
495 "XAUTHSERVER",
496 "DONTREAUTH",
497 "BEET",
498 "MOBIKE",
499 "PROXY",
500 NULL
501 };
502
503 const char *const policy_shunt_names[4] = {
504 "TRAP",
505 "PASS",
506 "DROP",
507 "REJECT",
508 };
509
510 const char *const policy_fail_names[4] = {
511 "NONE",
512 "PASS",
513 "DROP",
514 "REJECT",
515 };
516
517 /* Oakley transform attributes
518 * oakley_attr_bit_names does double duty: it is used for enum names
519 * and bit names.
520 */
521
522 const char *const oakley_attr_bit_names[] = {
523 "OAKLEY_ENCRYPTION_ALGORITHM",
524 "OAKLEY_HASH_ALGORITHM",
525 "OAKLEY_AUTHENTICATION_METHOD",
526 "OAKLEY_GROUP_DESCRIPTION",
527 "OAKLEY_GROUP_TYPE",
528 "OAKLEY_GROUP_PRIME",
529 "OAKLEY_GROUP_GENERATOR_ONE",
530 "OAKLEY_GROUP_GENERATOR_TWO",
531 "OAKLEY_GROUP_CURVE_A",
532 "OAKLEY_GROUP_CURVE_B",
533 "OAKLEY_LIFE_TYPE",
534 "OAKLEY_LIFE_DURATION",
535 "OAKLEY_PRF",
536 "OAKLEY_KEY_LENGTH",
537 "OAKLEY_FIELD_SIZE",
538 "OAKLEY_GROUP_ORDER",
539 "OAKLEY_BLOCK_SIZE",
540 NULL
541 };
542
543 static const char *const oakley_var_attr_name[] = {
544 "OAKLEY_GROUP_PRIME (variable length)",
545 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
546 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
547 "OAKLEY_GROUP_CURVE_A (variable length)",
548 "OAKLEY_GROUP_CURVE_B (variable length)",
549 NULL,
550 "OAKLEY_LIFE_DURATION (variable length)",
551 NULL,
552 NULL,
553 NULL,
554 "OAKLEY_GROUP_ORDER (variable length)",
555 };
556
557 static enum_names oakley_attr_desc_tv = {
558 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
559 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
560
561 enum_names oakley_attr_names = {
562 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
563 oakley_var_attr_name, &oakley_attr_desc_tv };
564
565 /* for each Oakley attribute, which enum_names describes its values? */
566 enum_names *oakley_attr_val_descs[] = {
567 NULL, /* (none) */
568 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
569 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
570 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
571 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
572 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
573 NULL, /* OAKLEY_GROUP_PRIME */
574 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
575 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
576 NULL, /* OAKLEY_GROUP_CURVE_A */
577 NULL, /* OAKLEY_GROUP_CURVE_B */
578 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
579 NULL, /* OAKLEY_LIFE_DURATION */
580 &oakley_prf_names, /* OAKLEY_PRF */
581 NULL, /* OAKLEY_KEY_LENGTH */
582 NULL, /* OAKLEY_FIELD_SIZE */
583 NULL, /* OAKLEY_GROUP_ORDER */
584 };
585
586 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
587
588 static const char *const ipsec_attr_name[] = {
589 "SA_LIFE_TYPE",
590 "SA_LIFE_DURATION",
591 "GROUP_DESCRIPTION",
592 "ENCAPSULATION_MODE",
593 "AUTH_ALGORITHM",
594 "KEY_LENGTH",
595 "KEY_ROUNDS",
596 "COMPRESS_DICT_SIZE",
597 "COMPRESS_PRIVATE_ALG",
598 };
599
600 static const char *const ipsec_var_attr_name[] = {
601 "SA_LIFE_DURATION (variable length)",
602 NULL,
603 NULL,
604 NULL,
605 NULL,
606 NULL,
607 NULL,
608 "COMPRESS_PRIVATE_ALG (variable length)",
609 };
610
611 static enum_names ipsec_attr_desc_tv = {
612 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
613 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
614 ipsec_attr_name, NULL };
615
616 enum_names ipsec_attr_names = {
617 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
618 ipsec_var_attr_name, &ipsec_attr_desc_tv };
619
620 /* for each IPsec attribute, which enum_names describes its values? */
621 enum_names *ipsec_attr_val_descs[] = {
622 NULL, /* (none) */
623 &sa_lifetime_names, /* SA_LIFE_TYPE */
624 NULL, /* SA_LIFE_DURATION */
625 &oakley_group_names, /* GROUP_DESCRIPTION */
626 &enc_mode_names, /* ENCAPSULATION_MODE */
627 &auth_alg_names, /* AUTH_ALGORITHM */
628 NULL, /* KEY_LENGTH */
629 NULL, /* KEY_ROUNDS */
630 NULL, /* COMPRESS_DICT_SIZE */
631 NULL, /* COMPRESS_PRIVATE_ALG */
632 };
633
634 /* SA Lifetime Type attribute */
635
636 static const char *const sa_lifetime_name[] = {
637 "SA_LIFE_TYPE_SECONDS",
638 "SA_LIFE_TYPE_KBYTES",
639 };
640
641 enum_names sa_lifetime_names =
642 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
643
644 /* Encapsulation Mode attribute */
645
646 static const char *const enc_mode_name[] = {
647 "ENCAPSULATION_MODE_TUNNEL",
648 "ENCAPSULATION_MODE_TRANSPORT",
649 "ENCAPSULATION_MODE_UDP_TUNNEL",
650 "ENCAPSULATION_MODE_UDP_TRANSPORT",
651 };
652
653 static const char *const enc_udp_mode_name[] = {
654 "ENCAPSULATION_MODE_UDP_TUNNEL",
655 "ENCAPSULATION_MODE_UDP_TRANSPORT",
656 };
657
658 static enum_names enc_udp_mode_names =
659 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
660
661 enum_names enc_mode_names =
662 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
663
664 /* Auth Algorithm attribute */
665
666 static const char *const auth_alg_name[] = {
667 "AUTH_NONE",
668 "HMAC_MD5",
669 "HMAC_SHA1",
670 "DES_MAC",
671 "KPDK",
672 "HMAC_SHA2_256",
673 "HMAC_SHA2_384",
674 "HMAC_SHA2_512",
675 "HMAC_RIPEMD",
676 "AES_XCBC_96",
677 "SIG_RSA"
678 };
679
680 static const char *const extended_auth_alg_name[] = {
681 "NULL",
682 "HMAC_SHA2_256_96"
683 };
684
685 enum_names extended_auth_alg_names =
686 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_HMAC_SHA2_256_96,
687 extended_auth_alg_name, NULL };
688
689 enum_names auth_alg_names =
690 { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA,
691 auth_alg_name, &extended_auth_alg_names };
692
693 /* From draft-beaulieu-ike-xauth */
694 static const char *const xauth_type_name[] = {
695 "Generic",
696 "RADIUS-CHAP",
697 "OTP",
698 "S/KEY",
699 };
700
701 enum_names xauth_type_names =
702 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
703
704 /* From draft-beaulieu-ike-xauth */
705 static const char *const xauth_attr_tv_name[] = {
706 "XAUTH_TYPE",
707 NULL,
708 NULL,
709 NULL,
710 NULL,
711 NULL,
712 NULL,
713 "XAUTH_STATUS",
714 };
715
716 enum_names xauth_attr_tv_names = {
717 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
718 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
719
720 static const char *const unity_attr_name[] = {
721 "UNITY_BANNER",
722 "UNITY_SAVE_PASSWD",
723 "UNITY_DEF_DOMAIN",
724 "UNITY_SPLITDNS_NAME",
725 "UNITY_SPLIT_INCLUDE",
726 "UNITY_NATT_PORT",
727 "UNITY_LOCAL_LAN",
728 "UNITY_PFS",
729 "UNITY_FW_TYPE",
730 "UNITY_BACKUP_SERVERS",
731 "UNITY_DDNS_HOSTNAME",
732 };
733
734 enum_names unity_attr_names =
735 { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
736
737 static const char *const microsoft_attr_name[] = {
738 "INTERNAL_IP4_SERVER",
739 "INTERNAL_IP6_SERVER",
740 };
741
742 enum_names microsoft_attr_names =
743 { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
744
745 static const char *const xauth_attr_name[] = {
746 "XAUTH_USER_NAME",
747 "XAUTH_USER_PASSWORD",
748 "XAUTH_PASSCODE",
749 "XAUTH_MESSAGE",
750 "XAUTH_CHALLENGE",
751 "XAUTH_DOMAIN",
752 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
753 "XAUTH_NEXT_PIN",
754 "XAUTH_ANSWER",
755 };
756
757 enum_names xauth_attr_names =
758 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
759
760 static const char *const modecfg_attr_name[] = {
761 "INTERNAL_IP4_ADDRESS",
762 "INTERNAL_IP4_NETMASK",
763 "INTERNAL_IP4_DNS",
764 "INTERNAL_IP4_NBNS",
765 "INTERNAL_ADDRESS_EXPIRY",
766 "INTERNAL_IP4_DHCP",
767 "APPLICATION_VERSION",
768 "INTERNAL_IP6_ADDRESS",
769 "INTERNAL_IP6_NETMASK",
770 "INTERNAL_IP6_DNS",
771 "INTERNAL_IP6_NBNS",
772 "INTERNAL_IP6_DHCP",
773 "INTERNAL_IP4_SUBNET",
774 "SUPPORTED_ATTRIBUTES",
775 "INTERNAL_IP6_SUBNET",
776 };
777
778 enum_names modecfg_attr_names =
779 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
780
781 /* Oakley Lifetime Type attribute */
782
783 static const char *const oakley_lifetime_name[] = {
784 "OAKLEY_LIFE_SECONDS",
785 "OAKLEY_LIFE_KILOBYTES",
786 };
787
788 enum_names oakley_lifetime_names =
789 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
790
791 /* Oakley PRF attribute (none defined) */
792
793 enum_names oakley_prf_names =
794 { 1, 0, NULL, NULL };
795
796 /* Oakley Encryption Algorithm attribute */
797
798 static const char *const oakley_enc_name[] = {
799 "DES_CBC",
800 "IDEA_CBC",
801 "BLOWFISH_CBC",
802 "RC5_R16_B64_CBC",
803 "3DES_CBC",
804 "CAST_CBC",
805 "AES_CBC",
806 "CAMELLIA_CBC"
807 };
808
809 #ifdef NO_EXTRA_IKE
810 enum_names oakley_enc_names =
811 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
812 #else
813 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
814 "MARS_CBC" /* 65001 */,
815 "RC6_CBC" /* 65002 */,
816 "ID_65003" /* 65003 */,
817 "SERPENT_CBC" /* 65004 */,
818 "TWOFISH_CBC" /* 65005 */,
819 };
820
821 static const char *const oakley_enc_name_ssh[] = {
822 "TWOFISH_CBC_SSH",
823 };
824
825 enum_names oakley_enc_names_ssh =
826 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
827 , NULL };
828
829 enum_names oakley_enc_names_draft_aes_cbc_02 =
830 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
831 , &oakley_enc_names_ssh };
832
833 enum_names oakley_enc_names =
834 { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
835 , &oakley_enc_names_draft_aes_cbc_02 };
836 #endif
837
838 /* Oakley Hash Algorithm attribute */
839
840 static const char *const oakley_hash_name[] = {
841 "HMAC_MD5",
842 "HMAC_SHA1",
843 "HMAC_TIGER",
844 "HMAC_SHA2_256",
845 "HMAC_SHA2_384",
846 "HMAC_SHA2_512",
847 };
848
849 enum_names oakley_hash_names =
850 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
851
852 /* Oakley Authentication Method attribute */
853
854 static const char *const oakley_auth_name1[] = {
855 "pre-shared key",
856 "DSS signature",
857 "RSA signature",
858 "RSA encryption",
859 "RSA encryption revised",
860 "ElGamal encryption",
861 "ELGamal encryption revised",
862 "ECDSA signature",
863 "ECDSA-256 signature",
864 "ECDSA-384 signature",
865 "ECDSA-521-signature",
866 };
867
868 static const char *const oakley_auth_name2[] = {
869 "HybridInitRSA",
870 "HybridRespRSA",
871 "HybridInitDSS",
872 "HybridRespDSS",
873 };
874
875 static const char *const oakley_auth_name3[] = {
876 "XAUTHInitPreShared",
877 "XAUTHRespPreShared",
878 "XAUTHInitDSS",
879 "XAUTHRespDSS",
880 "XAUTHInitRSA",
881 "XAUTHRespRSA",
882 "XAUTHInitRSAEncryption",
883 "XAUTHRespRSAEncryption",
884 "XAUTHInitRSARevisedEncryption",
885 "XAUTHRespRSARevisedEncryption",
886 };
887
888 static enum_names oakley_auth_names1 =
889 { OAKLEY_PRESHARED_KEY, OAKLEY_ECDSA_521
890 , oakley_auth_name1, NULL };
891
892 static enum_names oakley_auth_names2 =
893 { HybridInitRSA, HybridRespDSS
894 , oakley_auth_name2, &oakley_auth_names1 };
895
896 enum_names oakley_auth_names =
897 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
898 , oakley_auth_name3, &oakley_auth_names2 };
899
900 /* Oakley Group Description attribute */
901
902 static const char *const oakley_group_name[] = {
903 "MODP_768",
904 "MODP_1024",
905 "GP_155",
906 "GP_185",
907 "MODP_1536",
908 };
909
910 static const char *const oakley_group_name_rfc3526[] = {
911 "MODP_2048",
912 "MODP_3072",
913 "MODP_4096",
914 "MODP_6144",
915 "MODP_8192"
916 };
917
918 static const char *const oakley_group_name_rfc4753[] = {
919 "ECP_256",
920 "ECP_384",
921 "ECP_521"
922 };
923
924 static const char *const oakley_group_name_rfc5114[] = {
925 "MODP_1024_160",
926 "MODP_2048_224",
927 "MODP_2048_256",
928 "ECP_192",
929 "ECP_224"
930 };
931
932 enum_names oakley_group_names_rfc5114 =
933 { MODP_1024_160, ECP_224_BIT,
934 oakley_group_name_rfc5114, NULL };
935
936 enum_names oakley_group_names_rfc4753 =
937 { ECP_256_BIT, ECP_521_BIT,
938 oakley_group_name_rfc4753, &oakley_group_names_rfc5114 };
939
940 enum_names oakley_group_names_rfc3526 =
941 { MODP_2048_BIT, MODP_8192_BIT,
942 oakley_group_name_rfc3526, &oakley_group_names_rfc4753 };
943
944 enum_names oakley_group_names =
945 { MODP_768_BIT, MODP_1536_BIT,
946 oakley_group_name, &oakley_group_names_rfc3526 };
947
948 /* Oakley Group Type attribute */
949
950 static const char *const oakley_group_type_name[] = {
951 "OAKLEY_GROUP_TYPE_MODP",
952 "OAKLEY_GROUP_TYPE_ECP",
953 "OAKLEY_GROUP_TYPE_EC2N",
954 };
955
956 enum_names oakley_group_type_names =
957 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
958
959 /* Notify messages -- error types */
960
961 static const char *const notification_name[] = {
962 "INVALID_PAYLOAD_TYPE",
963 "DOI_NOT_SUPPORTED",
964 "SITUATION_NOT_SUPPORTED",
965 "INVALID_COOKIE",
966 "INVALID_MAJOR_VERSION",
967 "INVALID_MINOR_VERSION",
968 "INVALID_EXCHANGE_TYPE",
969 "INVALID_FLAGS",
970 "INVALID_MESSAGE_ID",
971 "INVALID_PROTOCOL_ID",
972 "INVALID_SPI",
973 "INVALID_TRANSFORM_ID",
974 "ATTRIBUTES_NOT_SUPPORTED",
975 "NO_PROPOSAL_CHOSEN",
976 "BAD_PROPOSAL_SYNTAX",
977 "PAYLOAD_MALFORMED",
978 "INVALID_KEY_INFORMATION",
979 "INVALID_ID_INFORMATION",
980 "INVALID_CERT_ENCODING",
981 "INVALID_CERTIFICATE",
982 "CERT_TYPE_UNSUPPORTED",
983 "INVALID_CERT_AUTHORITY",
984 "INVALID_HASH_INFORMATION",
985 "AUTHENTICATION_FAILED",
986 "INVALID_SIGNATURE",
987 "ADDRESS_NOTIFICATION",
988 "NOTIFY_SA_LIFETIME",
989 "CERTIFICATE_UNAVAILABLE",
990 "UNSUPPORTED_EXCHANGE_TYPE",
991 "UNEQUAL_PAYLOAD_LENGTHS",
992 };
993
994 static const char *const notification_status_name[] = {
995 "CONNECTED",
996 };
997
998 static const char *const ipsec_notification_name[] = {
999 "IPSEC_RESPONDER_LIFETIME",
1000 "IPSEC_REPLAY_STATUS",
1001 "IPSEC_INITIAL_CONTACT",
1002 };
1003
1004 static const char *const notification_dpd_name[] = {
1005 "R_U_THERE",
1006 "R_U_THERE_ACK",
1007 };
1008
1009 static const char *const notification_juniper_name[] = {
1010 "NS_NHTB_INFORM",
1011 };
1012
1013 enum_names notification_juniper_names =
1014 { NS_NHTB_INFORM, NS_NHTB_INFORM,
1015 notification_juniper_name, NULL };
1016
1017 enum_names notification_dpd_names =
1018 { R_U_THERE, R_U_THERE_ACK,
1019 notification_dpd_name, &notification_juniper_names };
1020
1021 enum_names ipsec_notification_names =
1022 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
1023 ipsec_notification_name, &notification_dpd_names };
1024
1025 enum_names notification_status_names =
1026 { ISAKMP_CONNECTED, ISAKMP_CONNECTED,
1027 notification_status_name, &ipsec_notification_names };
1028
1029 enum_names notification_names =
1030 { ISAKMP_INVALID_PAYLOAD_TYPE, ISAKMP_UNEQUAL_PAYLOAD_LENGTHS,
1031 notification_name, &notification_status_names };
1032
1033 /* MODECFG
1034 * From draft-dukes-ike-mode-cfg
1035 */
1036 const char *const attr_msg_type_name[] = {
1037 "ISAKMP_CFG_RESERVED",
1038 "ISAKMP_CFG_REQUEST",
1039 "ISAKMP_CFG_REPLY",
1040 "ISAKMP_CFG_SET",
1041 "ISAKMP_CFG_ACK",
1042 NULL
1043 };
1044
1045 enum_names attr_msg_type_names =
1046 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
1047
1048 /* socket address family info */
1049
1050 static const char *const af_inet_name[] = {
1051 "AF_INET",
1052 };
1053
1054 static const char *const af_inet6_name[] = {
1055 "AF_INET6",
1056 };
1057
1058 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1059
1060 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1061
1062 static ip_address ipv4_any, ipv6_any;
1063 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1064 static ip_subnet ipv4_all, ipv6_all;
1065
1066 const struct af_info af_inet4_info = {
1067 AF_INET,
1068 "AF_INET",
1069 sizeof(struct in_addr),
1070 sizeof(struct sockaddr_in),
1071 32,
1072 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1073 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1074 };
1075
1076 const struct af_info af_inet6_info = {
1077 AF_INET6,
1078 "AF_INET6",
1079 sizeof(struct in6_addr),
1080 sizeof(struct sockaddr_in6),
1081 128,
1082 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1083 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1084 };
1085
1086 const struct af_info *
1087 aftoinfo(int af)
1088 {
1089 switch (af)
1090 {
1091 case AF_INET:
1092 return &af_inet4_info;
1093 case AF_INET6:
1094 return &af_inet6_info;
1095 default:
1096 return NULL;
1097 }
1098 }
1099
1100 bool subnetisnone(const ip_subnet *sn)
1101 {
1102 ip_address base;
1103
1104 networkof(sn, &base);
1105 return isanyaddr(&base) && subnetishost(sn);
1106 }
1107
1108 /* BIND enumerated types */
1109
1110 #include <arpa/nameser.h>
1111
1112 static const char *const rr_type_name[] = {
1113 "T_A", /* 1 host address */
1114 "T_NS", /* 2 authoritative server */
1115 "T_MD", /* 3 mail destination */
1116 "T_MF", /* 4 mail forwarder */
1117 "T_CNAME", /* 5 canonical name */
1118 "T_SOA", /* 6 start of authority zone */
1119 "T_MB", /* 7 mailbox domain name */
1120 "T_MG", /* 8 mail group member */
1121 "T_MR", /* 9 mail rename name */
1122 "T_NULL", /* 10 null resource record */
1123 "T_WKS", /* 11 well known service */
1124 "T_PTR", /* 12 domain name pointer */
1125 "T_HINFO", /* 13 host information */
1126 "T_MINFO", /* 14 mailbox information */
1127 "T_MX", /* 15 mail routing information */
1128 "T_TXT", /* 16 text strings */
1129 "T_RP", /* 17 responsible person */
1130 "T_AFSDB", /* 18 AFS cell database */
1131 "T_X25", /* 19 X_25 calling address */
1132 "T_ISDN", /* 20 ISDN calling address */
1133 "T_RT", /* 21 router */
1134 "T_NSAP", /* 22 NSAP address */
1135 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1136 "T_SIG", /* 24 security signature */
1137 "T_KEY", /* 25 security key */
1138 "T_PX", /* 26 X.400 mail mapping */
1139 "T_GPOS", /* 27 geographical position (withdrawn) */
1140 "T_AAAA", /* 28 IP6 Address */
1141 "T_LOC", /* 29 Location Information */
1142 "T_NXT", /* 30 Next Valid Name in Zone */
1143 "T_EID", /* 31 Endpoint identifier */
1144 "T_NIMLOC", /* 32 Nimrod locator */
1145 "T_SRV", /* 33 Server selection */
1146 "T_ATMA", /* 34 ATM Address */
1147 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1148 NULL
1149 };
1150
1151 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1152
1153 /* Query type values which do not appear in resource records */
1154 static const char *const rr_qtype_name[] = {
1155 "T_IXFR", /* 251 incremental zone transfer */
1156 "T_AXFR", /* 252 transfer zone of authority */
1157 "T_MAILB", /* 253 transfer mailbox records */
1158 "T_MAILA", /* 254 transfer mail agent records */
1159 "T_ANY", /* 255 wildcard match */
1160 NULL
1161 };
1162
1163 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1164
1165 static const char *const rr_class_name[] = {
1166 "C_IN", /* 1 the arpa internet */
1167 NULL
1168 };
1169
1170 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1171
1172 /*
1173 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1174 *
1175 */
1176 const char *const natt_type_bitnames[] = {
1177 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1178 "draft-ietf-ipsec-nat-t-ike-02/03",
1179 "RFC 3947",
1180 "3", /* 3 */
1181 "4", "5", "6", "7",
1182 "8", "9", "10", "11",
1183 "12", "13", "14", "15",
1184 "16", "17", "18", "19",
1185 "20", "21", "22", "23",
1186 "24", "25", "26", "27",
1187 "28", "29",
1188 "nat is behind me",
1189 "nat is behind peer"
1190 };
1191
1192 /* look up enum names in an enum_names */
1193
1194 const char* enum_name(enum_names *ed, unsigned long val)
1195 {
1196 enum_names *p;
1197
1198 for (p = ed; p != NULL; p = p->en_next_range)
1199 {
1200 if (p->en_first <= val && val <= p->en_last)
1201 return p->en_names[val - p->en_first];
1202 }
1203 return NULL;
1204 }
1205
1206 /* find or construct a string to describe an enum value
1207 * Result may be in STATIC buffer!
1208 */
1209 const char *
1210 enum_show(enum_names *ed, unsigned long val)
1211 {
1212 const char *p = enum_name(ed, val);
1213
1214 if (p == NULL)
1215 {
1216 static char buf[12]; /* only one! I hope that it is big enough */
1217
1218 snprintf(buf, sizeof(buf), "%lu??", val);
1219 p = buf;
1220 }
1221 return p;
1222 }
1223
1224
1225 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1226
1227 int
1228 enum_search(enum_names *ed, const char *str)
1229 {
1230 enum_names *p;
1231 const char *ptr;
1232 unsigned en;
1233
1234 for (p = ed; p != NULL; p = p->en_next_range)
1235 {
1236 for (en = p->en_first; en <= p->en_last ;en++)
1237 {
1238 ptr = p->en_names[en - p->en_first];
1239 if (ptr == 0)
1240 {
1241 continue;
1242 }
1243 if (streq(ptr, str))
1244 {
1245 return en;
1246 }
1247 }
1248 }
1249 return -1;
1250 }
1251
1252 /* construct a string to name the bits on in a set
1253 * Result may be in STATIC buffer!
1254 * Note: prettypolicy depends on internal details.
1255 */
1256 const char* bitnamesof(const char *const table[], lset_t val)
1257 {
1258 char *p = bitnamesbuf;
1259 lset_t bit;
1260 const char *const *tp;
1261
1262 if (val == 0)
1263 return "none";
1264
1265 for (tp = table, bit = 01; val != 0; bit <<= 1)
1266 {
1267 if (val & bit)
1268 {
1269 const char *n = *tp;
1270 size_t nl;
1271
1272 if (n == NULL || *n == '\0')
1273 {
1274 /* no name for this bit, so use hex */
1275 static char flagbuf[sizeof("0x80000000")];
1276
1277 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1278 n = flagbuf;
1279 }
1280
1281 nl = strlen(n);
1282
1283 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1284 *p++ = '+';
1285
1286 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1287 {
1288 strcpy(p, n);
1289 p += nl;
1290 }
1291 val -= bit;
1292 }
1293 if (*tp != NULL)
1294 tp++; /* move on, but not past end */
1295 }
1296 *p = '\0';
1297 return bitnamesbuf;
1298 }
1299
1300 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1301 * Suppress the shunt and fail fields if 0.
1302 */
1303 const char* prettypolicy(lset_t policy)
1304 {
1305 const char *bn = bitnamesof(sa_policy_bit_names
1306 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1307 size_t len;
1308 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1309 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1310
1311 if (bn != bitnamesbuf)
1312 bitnamesbuf[0] = '\0';
1313 len = strlen(bitnamesbuf);
1314 if (shunt != 0)
1315 {
1316 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1317 , policy_shunt_names[shunt]);
1318 len += strlen(bitnamesbuf + len);
1319 }
1320 if (fail != 0)
1321 {
1322 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1323 , policy_fail_names[fail]);
1324 len += strlen(bitnamesbuf + len);
1325 }
1326 if (NEVER_NEGOTIATE(policy))
1327 {
1328 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1329 len += strlen(bitnamesbuf + len);
1330 }
1331 return bitnamesbuf;
1332 }
1333
1334 /* test a set by seeing if all bits have names */
1335
1336 bool testset(const char *const table[], lset_t val)
1337 {
1338 lset_t bit;
1339 const char *const *tp;
1340
1341 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1342 {
1343 const char *n = *tp;
1344
1345 if (n == NULL || ((val & bit) && *n == '\0'))
1346 return FALSE;
1347 val &= ~bit;
1348 }
1349 return TRUE;
1350 }
1351
1352
1353 const char sparse_end[] = "end of sparse names";
1354
1355 /* look up enum names in a sparse_names */
1356 const char *sparse_name(sparse_names sd, unsigned long val)
1357 {
1358 const struct sparse_name *p;
1359
1360 for (p = sd; p->name != sparse_end; p++)
1361 if (p->val == val)
1362 return p->name;
1363 return NULL;
1364 }
1365
1366 /* find or construct a string to describe an sparse value
1367 * Result may be in STATIC buffer!
1368 */
1369 const char* sparse_val_show(sparse_names sd, unsigned long val)
1370 {
1371 const char *p = sparse_name(sd, val);
1372
1373 if (p == NULL)
1374 {
1375 static char buf[12]; /* only one! I hope that it is big enough */
1376
1377 snprintf(buf, sizeof(buf), "%lu??", val);
1378 p = buf;
1379 }
1380 return p;
1381 }
1382
1383 void init_constants(void)
1384 {
1385 happy(anyaddr(AF_INET, &ipv4_any));
1386 happy(anyaddr(AF_INET6, &ipv6_any));
1387
1388 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1389 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1390
1391 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1392 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1393 }
1394
1395 u_char secret_of_the_day[HASH_SIZE_SHA1];
1396
1397