ed8073b0b9225c0f3398d57c70efbc8a96bd0dee
[strongswan.git] / src / pluto / constants.c
1 /* tables of names for values defined in constants.h
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: constants.c,v 1.21 2006/03/27 07:38:59 as Exp $
15 */
16
17 /*
18 * Note that the array sizes are all specified; this is to enable range
19 * checking by code that only includes constants.h.
20 */
21
22 #include <stddef.h>
23 #include <string.h>
24 #include <stdio.h>
25 #include <netinet/in.h>
26
27 #include <freeswan.h>
28 #include <ipsec_policy.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "packet.h"
34
35 /* string naming compile-time options that have interop implications */
36
37 const char compile_time_interop_options[] = ""
38 #ifdef THREADS
39 " THREADS"
40 #endif
41 #ifdef LIBCURL
42 " LIBCURL"
43 #endif
44 #ifdef LDAP_VER
45 #if LDAP_VER == 2
46 " LDAP_V2"
47 #else
48 " LDAP_V3"
49 #endif
50 #endif
51 #ifdef SMARTCARD
52 " SMARTCARD"
53 #endif
54 #ifdef VENDORID
55 " VENDORID"
56 #endif
57 #ifdef CISCO_QUIRKS
58 " CISCO_QUIRKS"
59 #endif
60 #ifdef USE_KEYRR
61 " KEYRR"
62 #endif
63 ;
64
65 /* version */
66
67 static const char *const version_name[] = {
68 "ISAKMP Version 1.0",
69 };
70
71 enum_names version_names =
72 { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
73 ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
74 version_name, NULL };
75
76 /* RFC 2459 CRL reason codes */
77
78 static const char *const crl_reason_name[] = {
79 "unspecified",
80 "key compromise",
81 "ca compromise",
82 "affiliation changed",
83 "superseded",
84 "cessation of operation",
85 "certificate hold",
86 "reason #7",
87 "remove from crl"
88 };
89
90 enum_names crl_reason_names =
91 { REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL, crl_reason_name, NULL};
92
93 /* RFC 3706 Dead Peer Detection */
94
95 static const char *const dpd_action_name[] = {
96 "none",
97 "clear",
98 "hold",
99 "restart"
100 };
101
102 enum_names dpd_action_names =
103 { DPD_ACTION_NONE, DPD_ACTION_RESTART, dpd_action_name, NULL};
104
105 /* Timer events */
106
107 static const char *const timer_event_name[] = {
108 "EVENT_NULL",
109 "EVENT_REINIT_SECRET",
110 "EVENT_SHUNT_SCAN",
111 "EVENT_SO_DISCARD",
112 "EVENT_RETRANSMIT",
113 "EVENT_SA_REPLACE",
114 "EVENT_SA_REPLACE_IF_USED",
115 "EVENT_SA_EXPIRE",
116 "EVENT_NAT_T_KEEPALIVE",
117 "EVENT_DPD",
118 "EVENT_DPD_TIMEOUT",
119 "EVENT_LOG_DAILY"
120 };
121
122 enum_names timer_event_names =
123 { EVENT_NULL, EVENT_LOG_DAILY, timer_event_name, NULL };
124
125 /* Domain of Interpretation */
126
127 static const char *const doi_name[] = {
128 "ISAKMP_DOI_ISAKMP",
129 "ISAKMP_DOI_IPSEC",
130 };
131
132 enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
133
134 /* debugging settings: a set of selections for reporting
135 * These would be more naturally situated in log.h,
136 * but they are shared with whack.
137 * It turns out that "debug-" is clutter in all contexts this is used,
138 * so we leave it off.
139 */
140 #ifdef DEBUG
141 const char *const debug_bit_names[] = {
142 "raw",
143 "crypt",
144 "parsing",
145 "emitting",
146 "control",
147 "lifecycle",
148 "klips",
149 "dns",
150 "natt",
151 "oppo",
152 "controlmore",
153
154 "private",
155
156 "impair-delay-adns-key-answer",
157 "impair-delay-adns-txt-answer",
158 "impair-bust-mi2",
159 "impair-bust-mr2",
160
161 NULL
162 };
163 #endif
164
165 /* State of exchanges */
166
167 static const char *const state_name[] = {
168 "STATE_MAIN_R0",
169 "STATE_MAIN_I1",
170 "STATE_MAIN_R1",
171 "STATE_MAIN_I2",
172 "STATE_MAIN_R2",
173 "STATE_MAIN_I3",
174 "STATE_MAIN_R3",
175 "STATE_MAIN_I4",
176
177 "STATE_QUICK_R0",
178 "STATE_QUICK_I1",
179 "STATE_QUICK_R1",
180 "STATE_QUICK_I2",
181 "STATE_QUICK_R2",
182
183 "STATE_INFO",
184 "STATE_INFO_PROTECTED",
185
186 "STATE_XAUTH_I0",
187 "STATE_XAUTH_R1",
188 "STATE_XAUTH_I1",
189 "STATE_XAUTH_R2",
190 "STATE_XAUTH_I2",
191 "STATE_XAUTH_R3",
192
193 "STATE_MODE_CFG_R0",
194 "STATE_MODE_CFG_I1",
195 "STATE_MODE_CFG_R1",
196 "STATE_MODE_CFG_I2",
197
198 "STATE_MODE_CFG_I0",
199 "STATE_MODE_CFG_R3",
200 "STATE_MODE_CFG_I3",
201 "STATE_MODE_CFG_R4",
202
203 "STATE_IKE_ROOF"
204 };
205
206 enum_names state_names =
207 { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
208
209 /* story for state */
210
211 const char *const state_story[] = {
212 "expecting MI1", /* STATE_MAIN_R0 */
213 "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
214 "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
215 "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
216 "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
217 "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
218 "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
219 "ISAKMP SA established", /* STATE_MAIN_I4 */
220
221 "expecting QI1", /* STATE_QUICK_R0 */
222 "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
223 "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
224 "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
225 "IPsec SA established", /* STATE_QUICK_R2 */
226
227 "got Informational Message in clear", /* STATE_INFO */
228 "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
229
230 "expecting XAUTH request", /* STATE_XAUTH_I0 */
231 "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
232 "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
233 "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
234 "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
235 "received XAUTH ack, established", /* STATE_XAUTH_R3 */
236
237 "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
238 "sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
239 "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
240 "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
241
242 "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
243 "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
244 "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
245 "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
246 };
247
248 /* kind of struct connection */
249
250 static const char *const connection_kind_name[] = {
251 "CK_GROUP", /* policy group: instantiates to template */
252 "CK_TEMPLATE", /* abstract connection, with wildcard */
253 "CK_PERMANENT", /* normal connection */
254 "CK_INSTANCE", /* instance of template, created for a particular attempt */
255 "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
256 };
257
258 enum_names connection_kind_names =
259 { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
260
261 /* routing status names */
262
263 static const char *const routing_story_strings[] = {
264 "unrouted", /* RT_UNROUTED: unrouted */
265 "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
266 "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
267 "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
268 "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
269 "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
270 "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
271 "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
272 };
273
274 enum_names routing_story =
275 { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
276
277 /* Payload types (RFC 2408 "ISAKMP" section 3.1) */
278
279 const char *const payload_name[] = {
280 "ISAKMP_NEXT_NONE",
281 "ISAKMP_NEXT_SA",
282 "ISAKMP_NEXT_P",
283 "ISAKMP_NEXT_T",
284 "ISAKMP_NEXT_KE",
285 "ISAKMP_NEXT_ID",
286 "ISAKMP_NEXT_CERT",
287 "ISAKMP_NEXT_CR",
288 "ISAKMP_NEXT_HASH",
289 "ISAKMP_NEXT_SIG",
290 "ISAKMP_NEXT_NONCE",
291 "ISAKMP_NEXT_N",
292 "ISAKMP_NEXT_D",
293 "ISAKMP_NEXT_VID",
294 "ISAKMP_NEXT_MODECFG",
295 "ISAKMP_NEXT_15",
296 "ISAKMP_NEXT_16",
297 "ISAKMP_NEXT_17",
298 "ISAKMP_NEXT_18",
299 "ISAKMP_NEXT_19",
300 "ISAKMP_NEXT_NAT-D",
301 "ISAKMP_NEXT_NAT-OA",
302 NULL
303 };
304
305 const char *const payload_name_nat_d[] = { "ISAKMP_NEXT_NAT-D",
306 "ISAKMP_NEXT_NAT-OA", NULL };
307
308 static enum_names payload_names_nat_d =
309 { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
310
311 enum_names payload_names =
312 { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
313
314 /* Exchange types (note: two discontinuous ranges) */
315
316 static const char *const exchange_name[] = {
317 "ISAKMP_XCHG_NONE",
318 "ISAKMP_XCHG_BASE",
319 "ISAKMP_XCHG_IDPROT",
320 "ISAKMP_XCHG_AO",
321 "ISAKMP_XCHG_AGGR",
322 "ISAKMP_XCHG_INFO",
323 "ISAKMP_XCHG_MODE_CFG",
324 };
325
326 static const char *const exchange_name2[] = {
327 "ISAKMP_XCHG_QUICK",
328 "ISAKMP_XCHG_NGRP",
329 "ISAKMP_XCHG_ACK_INFO",
330 };
331
332 static enum_names exchange_desc2 =
333 { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
334
335 enum_names exchange_names =
336 { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
337
338 /* Flag BITS */
339 const char *const flag_bit_names[] = {
340 "ISAKMP_FLAG_ENCRYPTION",
341 "ISAKMP_FLAG_COMMIT",
342 NULL
343 };
344
345 /* Situation BITS definition for IPsec DOI */
346
347 const char *const sit_bit_names[] = {
348 "SIT_IDENTITY_ONLY",
349 "SIT_SECRECY",
350 "SIT_INTEGRITY",
351 NULL
352 };
353
354 /* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
355
356 static const char *const protocol_name[] = {
357 "PROTO_ISAKMP",
358 "PROTO_IPSEC_AH",
359 "PROTO_IPSEC_ESP",
360 "PROTO_IPCOMP",
361 };
362
363 enum_names protocol_names =
364 { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
365
366 /* IPsec ISAKMP transform values */
367
368 static const char *const isakmp_transform_name[] = {
369 "KEY_IKE",
370 };
371
372 enum_names isakmp_transformid_names =
373 { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
374
375 /* IPsec AH transform values */
376
377 static const char *const ah_transform_name[] = {
378 "AH_MD5",
379 "AH_SHA",
380 "AH_DES",
381 "AH_SHA2_256",
382 "AH_SHA2_384",
383 "AH_SHA2_512",
384 "AH_RIPEMD"
385 };
386
387 enum_names ah_transformid_names =
388 { AH_MD5, AH_RIPEMD, ah_transform_name, NULL };
389
390 /* IPsec ESP transform values */
391
392 static const char *const esp_transform_name[] = {
393 "ESP_DES_IV64",
394 "ESP_DES",
395 "ESP_3DES",
396 "ESP_RC5",
397 "ESP_IDEA",
398 "ESP_CAST",
399 "ESP_BLOWFISH",
400 "ESP_3IDEA",
401 "ESP_DES_IV32",
402 "ESP_RC4",
403 "ESP_NULL",
404 "ESP_AES",
405 "ESP_AES-CTR",
406 "ESP_AES-CCM_8",
407 "ESP_AES-CCM_12",
408 "ESP_AES-CCM_16"
409 };
410
411 /*
412 * ipsec drafts suggest "high" ESP ids values for testing,
413 * assign generic ESP_ID<num> if not officially defined
414 */
415 static const char *const esp_transform_name_high[] = {
416 "ESP_SERPENT",
417 "ESP_TWOFISH"
418 };
419
420 enum_names esp_transformid_names_high =
421 { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
422
423 enum_names esp_transformid_names =
424 { ESP_DES_IV64, ESP_AES_CCM_16, esp_transform_name, &esp_transformid_names_high };
425
426 /* IPCOMP transform values */
427
428 static const char *const ipcomp_transform_name[] = {
429 "IPCOMP_OUI",
430 "IPCOMP_DEFLAT",
431 "IPCOMP_LZS",
432 "IPCOMP_LZJH",
433 };
434
435 enum_names ipcomp_transformid_names =
436 { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
437
438 /* Identification type values */
439
440 static const char *const ident_name[] = {
441 "ID_IPV4_ADDR",
442 "ID_FQDN",
443 "ID_USER_FQDN",
444 "ID_IPV4_ADDR_SUBNET",
445 "ID_IPV6_ADDR",
446 "ID_IPV6_ADDR_SUBNET",
447 "ID_IPV4_ADDR_RANGE",
448 "ID_IPV6_ADDR_RANGE",
449 "ID_DER_ASN1_DN",
450 "ID_DER_ASN1_GN",
451 "ID_KEY_ID",
452 };
453
454 enum_names ident_names =
455 { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
456
457 /* Certificate type values */
458
459 static const char *const cert_type_name[] = {
460 "CERT_NONE",
461 "CERT_PKCS7_WRAPPED_X509",
462 "CERT_PGP",
463 "CERT_DNS_SIGNED_KEY",
464 "CERT_X509_SIGNATURE",
465 "CERT_X509_KEY_EXCHANGE",
466 "CERT_KERBEROS_TOKENS",
467 "CERT_CRL",
468 "CERT_ARL",
469 "CERT_SPKI",
470 "CERT_X509_ATTRIBUTE",
471 };
472
473 enum_names cert_type_names =
474 { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
475
476 /* Certificate policy names */
477
478 static const char *const cert_policy_name[] = {
479 "ALWAYS_SEND",
480 "SEND_IF_ASKED",
481 "NEVER_SEND",
482 };
483
484 enum_names cert_policy_names =
485 { CERT_ALWAYS_SEND, CERT_NEVER_SEND, cert_policy_name, NULL };
486
487 /* Goal BITs for establishing an SA
488 * Note: we drop the POLICY_ prefix so that logs are more concise.
489 */
490
491 const char *const sa_policy_bit_names[] = {
492 "PSK",
493 "RSASIG",
494 "ENCRYPT",
495 "AUTHENTICATE",
496 "COMPRESS",
497 "TUNNEL",
498 "PFS",
499 "DISABLEARRIVALCHECK",
500 "SHUNT0",
501 "SHUNT1",
502 "FAILSHUNT0",
503 "FAILSHUNT1",
504 "DONTREKEY",
505 "OPPORTUNISTIC",
506 "GROUP",
507 "GROUTED",
508 "UP",
509 "MODECFGPUSH",
510 "XAUTHPSK",
511 "XAUTHRSASIG",
512 "XAUTHSERVER",
513 "DONTREAUTH",
514 NULL
515 };
516
517 const char *const policy_shunt_names[4] = {
518 "TRAP",
519 "PASS",
520 "DROP",
521 "REJECT",
522 };
523
524 const char *const policy_fail_names[4] = {
525 "NONE",
526 "PASS",
527 "DROP",
528 "REJECT",
529 };
530
531 /* Oakley transform attributes
532 * oakley_attr_bit_names does double duty: it is used for enum names
533 * and bit names.
534 */
535
536 const char *const oakley_attr_bit_names[] = {
537 "OAKLEY_ENCRYPTION_ALGORITHM",
538 "OAKLEY_HASH_ALGORITHM",
539 "OAKLEY_AUTHENTICATION_METHOD",
540 "OAKLEY_GROUP_DESCRIPTION",
541 "OAKLEY_GROUP_TYPE",
542 "OAKLEY_GROUP_PRIME",
543 "OAKLEY_GROUP_GENERATOR_ONE",
544 "OAKLEY_GROUP_GENERATOR_TWO",
545 "OAKLEY_GROUP_CURVE_A",
546 "OAKLEY_GROUP_CURVE_B",
547 "OAKLEY_LIFE_TYPE",
548 "OAKLEY_LIFE_DURATION",
549 "OAKLEY_PRF",
550 "OAKLEY_KEY_LENGTH",
551 "OAKLEY_FIELD_SIZE",
552 "OAKLEY_GROUP_ORDER",
553 "OAKLEY_BLOCK_SIZE",
554 NULL
555 };
556
557 static const char *const oakley_var_attr_name[] = {
558 "OAKLEY_GROUP_PRIME (variable length)",
559 "OAKLEY_GROUP_GENERATOR_ONE (variable length)",
560 "OAKLEY_GROUP_GENERATOR_TWO (variable length)",
561 "OAKLEY_GROUP_CURVE_A (variable length)",
562 "OAKLEY_GROUP_CURVE_B (variable length)",
563 NULL,
564 "OAKLEY_LIFE_DURATION (variable length)",
565 NULL,
566 NULL,
567 NULL,
568 "OAKLEY_GROUP_ORDER (variable length)",
569 };
570
571 static enum_names oakley_attr_desc_tv = {
572 OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
573 OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
574
575 enum_names oakley_attr_names = {
576 OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
577 oakley_var_attr_name, &oakley_attr_desc_tv };
578
579 /* for each Oakley attribute, which enum_names describes its values? */
580 enum_names *oakley_attr_val_descs[] = {
581 NULL, /* (none) */
582 &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
583 &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
584 &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
585 &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
586 &oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
587 NULL, /* OAKLEY_GROUP_PRIME */
588 NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
589 NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
590 NULL, /* OAKLEY_GROUP_CURVE_A */
591 NULL, /* OAKLEY_GROUP_CURVE_B */
592 &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
593 NULL, /* OAKLEY_LIFE_DURATION */
594 &oakley_prf_names, /* OAKLEY_PRF */
595 NULL, /* OAKLEY_KEY_LENGTH */
596 NULL, /* OAKLEY_FIELD_SIZE */
597 NULL, /* OAKLEY_GROUP_ORDER */
598 };
599
600 /* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
601
602 static const char *const ipsec_attr_name[] = {
603 "SA_LIFE_TYPE",
604 "SA_LIFE_DURATION",
605 "GROUP_DESCRIPTION",
606 "ENCAPSULATION_MODE",
607 "AUTH_ALGORITHM",
608 "KEY_LENGTH",
609 "KEY_ROUNDS",
610 "COMPRESS_DICT_SIZE",
611 "COMPRESS_PRIVATE_ALG",
612 };
613
614 static const char *const ipsec_var_attr_name[] = {
615 "SA_LIFE_DURATION (variable length)",
616 NULL,
617 NULL,
618 NULL,
619 NULL,
620 NULL,
621 NULL,
622 "COMPRESS_PRIVATE_ALG (variable length)",
623 };
624
625 static enum_names ipsec_attr_desc_tv = {
626 SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
627 COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
628 ipsec_attr_name, NULL };
629
630 enum_names ipsec_attr_names = {
631 SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
632 ipsec_var_attr_name, &ipsec_attr_desc_tv };
633
634 /* for each IPsec attribute, which enum_names describes its values? */
635 enum_names *ipsec_attr_val_descs[] = {
636 NULL, /* (none) */
637 &sa_lifetime_names, /* SA_LIFE_TYPE */
638 NULL, /* SA_LIFE_DURATION */
639 &oakley_group_names, /* GROUP_DESCRIPTION */
640 &enc_mode_names, /* ENCAPSULATION_MODE */
641 &auth_alg_names, /* AUTH_ALGORITHM */
642 NULL, /* KEY_LENGTH */
643 NULL, /* KEY_ROUNDS */
644 NULL, /* COMPRESS_DICT_SIZE */
645 NULL, /* COMPRESS_PRIVATE_ALG */
646 };
647
648 /* SA Lifetime Type attribute */
649
650 static const char *const sa_lifetime_name[] = {
651 "SA_LIFE_TYPE_SECONDS",
652 "SA_LIFE_TYPE_KBYTES",
653 };
654
655 enum_names sa_lifetime_names =
656 { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
657
658 /* Encapsulation Mode attribute */
659
660 static const char *const enc_mode_name[] = {
661 "ENCAPSULATION_MODE_TUNNEL",
662 "ENCAPSULATION_MODE_TRANSPORT",
663 "ENCAPSULATION_MODE_UDP_TUNNEL",
664 "ENCAPSULATION_MODE_UDP_TRANSPORT",
665 };
666
667 static const char *const enc_udp_mode_name[] = {
668 "ENCAPSULATION_MODE_UDP_TUNNEL",
669 "ENCAPSULATION_MODE_UDP_TRANSPORT",
670 };
671
672 static enum_names enc_udp_mode_names =
673 { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
674
675 enum_names enc_mode_names =
676 { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
677
678 /* Auth Algorithm attribute */
679
680 static const char *const auth_alg_name[] = {
681 "AUTH_ALGORITHM_HMAC_MD5",
682 "AUTH_ALGORITHM_HMAC_SHA1",
683 "AUTH_ALGORITHM_DES_MAC",
684 "AUTH_ALGORITHM_KPDK",
685 "AUTH_ALGORITHM_HMAC_SHA2_256",
686 "AUTH_ALGORITHM_HMAC_SHA2_384",
687 "AUTH_ALGORITHM_HMAC_SHA2_512",
688 "AUTH_ALGORITHM_HMAC_RIPEMD",
689 };
690
691 static const char *const extended_auth_alg_name[] = {
692 "AUTH_ALGORITHM_NULL"
693 };
694
695 enum_names extended_auth_alg_names =
696 { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
697
698 enum_names auth_alg_names =
699 { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_HMAC_RIPEMD, auth_alg_name
700 , &extended_auth_alg_names };
701
702 /* From draft-beaulieu-ike-xauth */
703 static const char *const xauth_type_name[] = {
704 "Generic",
705 "RADIUS-CHAP",
706 "OTP",
707 "S/KEY",
708 };
709
710 enum_names xauth_type_names =
711 { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
712
713 /* From draft-beaulieu-ike-xauth */
714 static const char *const xauth_attr_tv_name[] = {
715 "XAUTH_TYPE",
716 NULL,
717 NULL,
718 NULL,
719 NULL,
720 NULL,
721 NULL,
722 "XAUTH_STATUS",
723 };
724
725 enum_names xauth_attr_tv_names = {
726 XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
727 XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
728
729 static const char *const xauth_attr_name[] = {
730 "XAUTH_USER_NAME",
731 "XAUTH_USER_PASSWORD",
732 "XAUTH_PASSCODE",
733 "XAUTH_MESSAGE",
734 "XAUTH_CHALLENGE",
735 "XAUTH_DOMAIN",
736 "XAUTH_STATUS (wrong TLV syntax, should be TV)",
737 "XAUTH_NEXT_PIN",
738 "XAUTH_ANSWER",
739 };
740
741 enum_names xauth_attr_names =
742 { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &xauth_attr_tv_names };
743
744 static const char *const modecfg_attr_name[] = {
745 "INTERNAL_IP4_ADDRESS",
746 "INTERNAL_IP4_NETMASK",
747 "INTERNAL_IP4_DNS",
748 "INTERNAL_IP4_NBNS",
749 "INTERNAL_ADDRESS_EXPIRY",
750 "INTERNAL_IP4_DHCP",
751 "APPLICATION_VERSION",
752 "INTERNAL_IP6_ADDRESS",
753 "INTERNAL_IP6_NETMASK",
754 "INTERNAL_IP6_DNS",
755 "INTERNAL_IP6_NBNS",
756 "INTERNAL_IP6_DHCP",
757 "INTERNAL_IP4_SUBNET",
758 "SUPPORTED_ATTRIBUTES",
759 "INTERNAL_IP6_SUBNET",
760 NULL
761 };
762
763 enum_names modecfg_attr_names =
764 { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
765
766 /* Oakley Lifetime Type attribute */
767
768 static const char *const oakley_lifetime_name[] = {
769 "OAKLEY_LIFE_SECONDS",
770 "OAKLEY_LIFE_KILOBYTES",
771 };
772
773 enum_names oakley_lifetime_names =
774 { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
775
776 /* Oakley PRF attribute (none defined) */
777
778 enum_names oakley_prf_names =
779 { 1, 0, NULL, NULL };
780
781 /* Oakley Encryption Algorithm attribute */
782
783 static const char *const oakley_enc_name[] = {
784 "OAKLEY_DES_CBC",
785 "OAKLEY_IDEA_CBC",
786 "OAKLEY_BLOWFISH_CBC",
787 "OAKLEY_RC5_R16_B64_CBC",
788 "OAKLEY_3DES_CBC",
789 "OAKLEY_CAST_CBC",
790 "OAKLEY_AES_CBC",
791 };
792
793 #ifdef NO_EXTRA_IKE
794 enum_names oakley_enc_names =
795 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name, NULL };
796 #else
797 static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
798 "OAKLEY_MARS_CBC" /* 65001 */,
799 "OAKLEY_RC6_CBC" /* 65002 */,
800 "OAKLEY_ID_65003" /* 65003 */,
801 "OAKLEY_SERPENT_CBC" /* 65004 */,
802 "OAKLEY_TWOFISH_CBC" /* 65005 */,
803 };
804 static const char *const oakley_enc_name_ssh[] = {
805 "OAKLEY_TWOFISH_CBC_SSH",
806 };
807 enum_names oakley_enc_names_ssh =
808 { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
809 , NULL };
810
811 enum_names oakley_enc_names_draft_aes_cbc_02 =
812 { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
813 , &oakley_enc_names_ssh };
814
815 enum_names oakley_enc_names =
816 { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name
817 , &oakley_enc_names_draft_aes_cbc_02 };
818 #endif
819
820 /* Oakley Hash Algorithm attribute */
821
822 static const char *const oakley_hash_name[] = {
823 "OAKLEY_MD5",
824 "OAKLEY_SHA",
825 "OAKLEY_TIGER",
826 "OAKLEY_SHA2_256",
827 "OAKLEY_SHA2_384",
828 "OAKLEY_SHA2_512",
829 };
830
831 enum_names oakley_hash_names =
832 { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
833
834 /* Oakley Authentication Method attribute */
835
836 static const char *const oakley_auth_name1[] = {
837 "OAKLEY_PRESHARED_KEY",
838 "OAKLEY_DSS_SIG",
839 "OAKLEY_RSA_SIG",
840 "OAKLEY_RSA_ENC",
841 "OAKLEY_RSA_ENC_REV",
842 "OAKLEY_ELGAMAL_ENC",
843 "OAKLEY_ELGAMAL_ENC_REV",
844 };
845
846 static const char *const oakley_auth_name2[] = {
847 "HybridInitRSA",
848 "HybridRespRSA",
849 "HybridInitDSS",
850 "HybridRespDSS",
851 };
852
853 static const char *const oakley_auth_name3[] = {
854 "XAUTHInitPreShared",
855 "XAUTHRespPreShared",
856 "XAUTHInitDSS",
857 "XAUTHRespDSS",
858 "XAUTHInitRSA",
859 "XAUTHRespRSA",
860 "XAUTHInitRSAEncryption",
861 "XAUTHRespRSAEncryption",
862 "XAUTHInitRSARevisedEncryption",
863 "XAUTHRespRSARevisedEncryption",
864 };
865
866 static enum_names oakley_auth_names1 =
867 { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
868 , oakley_auth_name1, NULL };
869
870 static enum_names oakley_auth_names2 =
871 { HybridInitRSA, HybridRespDSS
872 , oakley_auth_name2, &oakley_auth_names1 };
873
874 enum_names oakley_auth_names =
875 { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
876 , oakley_auth_name3, &oakley_auth_names2 };
877
878 /* Oakley Group Description attribute */
879
880 static const char *const oakley_group_name[] = {
881 "OAKLEY_GROUP_MODP768",
882 "OAKLEY_GROUP_MODP1024",
883 "OAKLEY_GROUP_GP155",
884 "OAKLEY_GROUP_GP185",
885 "OAKLEY_GROUP_MODP1536",
886 };
887
888 static const char *const oakley_group_name_rfc3526[] = {
889 "OAKLEY_GROUP_MODP2048",
890 "OAKLEY_GROUP_MODP3072",
891 "OAKLEY_GROUP_MODP4096",
892 "OAKLEY_GROUP_MODP6144",
893 "OAKLEY_GROUP_MODP8192"
894 };
895 enum_names oakley_group_names_rfc3526 =
896 { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
897 oakley_group_name_rfc3526, NULL };
898
899 enum_names oakley_group_names =
900 { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
901 oakley_group_name, &oakley_group_names_rfc3526 };
902
903 /* Oakley Group Type attribute */
904
905 static const char *const oakley_group_type_name[] = {
906 "OAKLEY_GROUP_TYPE_MODP",
907 "OAKLEY_GROUP_TYPE_ECP",
908 "OAKLEY_GROUP_TYPE_EC2N",
909 };
910
911 enum_names oakley_group_type_names =
912 { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
913
914 /* Notify messages -- error types */
915
916 static const char *const notification_name[] = {
917 "INVALID_PAYLOAD_TYPE",
918 "DOI_NOT_SUPPORTED",
919 "SITUATION_NOT_SUPPORTED",
920 "INVALID_COOKIE",
921 "INVALID_MAJOR_VERSION",
922 "INVALID_MINOR_VERSION",
923 "INVALID_EXCHANGE_TYPE",
924 "INVALID_FLAGS",
925 "INVALID_MESSAGE_ID",
926 "INVALID_PROTOCOL_ID",
927 "INVALID_SPI",
928 "INVALID_TRANSFORM_ID",
929 "ATTRIBUTES_NOT_SUPPORTED",
930 "NO_PROPOSAL_CHOSEN",
931 "BAD_PROPOSAL_SYNTAX",
932 "PAYLOAD_MALFORMED",
933 "INVALID_KEY_INFORMATION",
934 "INVALID_ID_INFORMATION",
935 "INVALID_CERT_ENCODING",
936 "INVALID_CERTIFICATE",
937 "CERT_TYPE_UNSUPPORTED",
938 "INVALID_CERT_AUTHORITY",
939 "INVALID_HASH_INFORMATION",
940 "AUTHENTICATION_FAILED",
941 "INVALID_SIGNATURE",
942 "ADDRESS_NOTIFICATION",
943 "NOTIFY_SA_LIFETIME",
944 "CERTIFICATE_UNAVAILABLE",
945 "UNSUPPORTED_EXCHANGE_TYPE",
946 "UNEQUAL_PAYLOAD_LENGTHS",
947 };
948
949 static const char *const notification_status_name[] = {
950 "CONNECTED",
951 };
952
953 static const char *const ipsec_notification_name[] = {
954 "IPSEC_RESPONDER_LIFETIME",
955 "IPSEC_REPLAY_STATUS",
956 "IPSEC_INITIAL_CONTACT",
957 };
958
959 static const char *const notification_dpd_name[] = {
960 "R_U_THERE",
961 "R_U_THERE_ACK",
962 };
963
964 enum_names notification_dpd_names =
965 { R_U_THERE, R_U_THERE_ACK,
966 notification_dpd_name, NULL };
967
968 enum_names ipsec_notification_names =
969 { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
970 ipsec_notification_name, &notification_dpd_names };
971
972 enum_names notification_status_names =
973 { CONNECTED, CONNECTED,
974 notification_status_name, &ipsec_notification_names };
975
976 enum_names notification_names =
977 { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
978 notification_name, &notification_status_names };
979
980 /* MODECFG
981 * From draft-dukes-ike-mode-cfg
982 */
983 const char *const attr_msg_type_name[] = {
984 "ISAKMP_CFG_RESERVED",
985 "ISAKMP_CFG_REQUEST",
986 "ISAKMP_CFG_REPLY",
987 "ISAKMP_CFG_SET",
988 "ISAKMP_CFG_ACK",
989 NULL
990 };
991
992 enum_names attr_msg_type_names =
993 { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
994
995 /* socket address family info */
996
997 static const char *const af_inet_name[] = {
998 "AF_INET",
999 };
1000
1001 static const char *const af_inet6_name[] = {
1002 "AF_INET6",
1003 };
1004
1005 static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
1006
1007 enum_names af_names = { AF_INET, AF_INET, af_inet_name, &af_names6 };
1008
1009 static ip_address ipv4_any, ipv6_any;
1010 static ip_subnet ipv4_wildcard, ipv6_wildcard;
1011 static ip_subnet ipv4_all, ipv6_all;
1012
1013 const struct af_info af_inet4_info = {
1014 AF_INET,
1015 "AF_INET",
1016 sizeof(struct in_addr),
1017 sizeof(struct sockaddr_in),
1018 32,
1019 ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
1020 &ipv4_any, &ipv4_wildcard, &ipv4_all,
1021 };
1022
1023 const struct af_info af_inet6_info = {
1024 AF_INET6,
1025 "AF_INET6",
1026 sizeof(struct in6_addr),
1027 sizeof(struct sockaddr_in6),
1028 128,
1029 ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
1030 &ipv6_any, &ipv6_wildcard, &ipv6_all,
1031 };
1032
1033 const struct af_info *
1034 aftoinfo(int af)
1035 {
1036 switch (af)
1037 {
1038 case AF_INET:
1039 return &af_inet4_info;
1040 case AF_INET6:
1041 return &af_inet6_info;
1042 default:
1043 return NULL;
1044 }
1045 }
1046
1047 bool
1048 subnetisnone(const ip_subnet *sn)
1049 {
1050 ip_address base;
1051
1052 networkof(sn, &base);
1053 return isanyaddr(&base) && subnetishost(sn);
1054 }
1055
1056 /* BIND enumerated types */
1057
1058 #include <arpa/nameser.h>
1059
1060 static const char *const rr_type_name[] = {
1061 "T_A", /* 1 host address */
1062 "T_NS", /* 2 authoritative server */
1063 "T_MD", /* 3 mail destination */
1064 "T_MF", /* 4 mail forwarder */
1065 "T_CNAME", /* 5 canonical name */
1066 "T_SOA", /* 6 start of authority zone */
1067 "T_MB", /* 7 mailbox domain name */
1068 "T_MG", /* 8 mail group member */
1069 "T_MR", /* 9 mail rename name */
1070 "T_NULL", /* 10 null resource record */
1071 "T_WKS", /* 11 well known service */
1072 "T_PTR", /* 12 domain name pointer */
1073 "T_HINFO", /* 13 host information */
1074 "T_MINFO", /* 14 mailbox information */
1075 "T_MX", /* 15 mail routing information */
1076 "T_TXT", /* 16 text strings */
1077 "T_RP", /* 17 responsible person */
1078 "T_AFSDB", /* 18 AFS cell database */
1079 "T_X25", /* 19 X_25 calling address */
1080 "T_ISDN", /* 20 ISDN calling address */
1081 "T_RT", /* 21 router */
1082 "T_NSAP", /* 22 NSAP address */
1083 "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
1084 "T_SIG", /* 24 security signature */
1085 "T_KEY", /* 25 security key */
1086 "T_PX", /* 26 X.400 mail mapping */
1087 "T_GPOS", /* 27 geographical position (withdrawn) */
1088 "T_AAAA", /* 28 IP6 Address */
1089 "T_LOC", /* 29 Location Information */
1090 "T_NXT", /* 30 Next Valid Name in Zone */
1091 "T_EID", /* 31 Endpoint identifier */
1092 "T_NIMLOC", /* 32 Nimrod locator */
1093 "T_SRV", /* 33 Server selection */
1094 "T_ATMA", /* 34 ATM Address */
1095 "T_NAPTR", /* 35 Naming Authority PoinTeR */
1096 NULL
1097 };
1098
1099 enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
1100
1101 /* Query type values which do not appear in resource records */
1102 static const char *const rr_qtype_name[] = {
1103 "T_IXFR", /* 251 incremental zone transfer */
1104 "T_AXFR", /* 252 transfer zone of authority */
1105 "T_MAILB", /* 253 transfer mailbox records */
1106 "T_MAILA", /* 254 transfer mail agent records */
1107 "T_ANY", /* 255 wildcard match */
1108 NULL
1109 };
1110
1111 enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
1112
1113 static const char *const rr_class_name[] = {
1114 "C_IN", /* 1 the arpa internet */
1115 NULL
1116 };
1117
1118 enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
1119
1120 /*
1121 * NAT-Traversal defines for nat_traveral type from nat_traversal.h
1122 *
1123 */
1124 const char *const natt_type_bitnames[] = {
1125 "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
1126 "draft-ietf-ipsec-nat-t-ike-02/03",
1127 "RFC 3947",
1128 "3", /* 3 */
1129 "4", "5", "6", "7",
1130 "8", "9", "10", "11",
1131 "12", "13", "14", "15",
1132 "16", "17", "18", "19",
1133 "20", "21", "22", "23",
1134 "24", "25", "26", "27",
1135 "28", "29",
1136 "nat is behind me",
1137 "nat is behind peer"
1138 };
1139
1140 /* look up enum names in an enum_names */
1141
1142 const char *
1143 enum_name(enum_names *ed, unsigned long val)
1144 {
1145 enum_names *p;
1146
1147 for (p = ed; p != NULL; p = p->en_next_range)
1148 {
1149 if (p->en_first <= val && val <= p->en_last)
1150 return p->en_names[val - p->en_first];
1151 }
1152 return NULL;
1153 }
1154
1155 /* find or construct a string to describe an enum value
1156 * Result may be in STATIC buffer!
1157 */
1158 const char *
1159 enum_show(enum_names *ed, unsigned long val)
1160 {
1161 const char *p = enum_name(ed, val);
1162
1163 if (p == NULL)
1164 {
1165 static char buf[12]; /* only one! I hope that it is big enough */
1166
1167 snprintf(buf, sizeof(buf), "%lu??", val);
1168 p = buf;
1169 }
1170 return p;
1171 }
1172
1173
1174 static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
1175
1176 int
1177 enum_search(enum_names *ed, const char *str)
1178 {
1179 enum_names *p;
1180 const char *ptr;
1181 unsigned en;
1182
1183 for (p = ed; p != NULL; p = p->en_next_range)
1184 for (en = p->en_first; en <= p->en_last ;en++)
1185 {
1186 ptr = p->en_names[en - p->en_first];
1187 if (ptr == 0) continue;
1188 /* if (strncmp(ptr, str, strlen(ptr))==0) */
1189 if (strcmp(ptr, str) == 0)
1190 return en;
1191 }
1192 return -1;
1193 }
1194
1195 /* construct a string to name the bits on in a set
1196 * Result may be in STATIC buffer!
1197 * Note: prettypolicy depends on internal details.
1198 */
1199 const char *
1200 bitnamesof(const char *const table[], lset_t val)
1201 {
1202 char *p = bitnamesbuf;
1203 lset_t bit;
1204 const char *const *tp;
1205
1206 if (val == 0)
1207 return "none";
1208
1209 for (tp = table, bit = 01; val != 0; bit <<= 1)
1210 {
1211 if (val & bit)
1212 {
1213 const char *n = *tp;
1214 size_t nl;
1215
1216 if (n == NULL || *n == '\0')
1217 {
1218 /* no name for this bit, so use hex */
1219 static char flagbuf[sizeof("0x80000000")];
1220
1221 snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
1222 n = flagbuf;
1223 }
1224
1225 nl = strlen(n);
1226
1227 if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
1228 *p++ = '+';
1229
1230 if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
1231 {
1232 strcpy(p, n);
1233 p += nl;
1234 }
1235 val -= bit;
1236 }
1237 if (*tp != NULL)
1238 tp++; /* move on, but not past end */
1239 }
1240 *p = '\0';
1241 return bitnamesbuf;
1242 }
1243
1244 /* print a policy: like bitnamesof, but it also does the non-bitfields.
1245 * Suppress the shunt and fail fields if 0.
1246 */
1247 const char *
1248 prettypolicy(lset_t policy)
1249 {
1250 const char *bn = bitnamesof(sa_policy_bit_names
1251 , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
1252 size_t len;
1253 lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
1254 lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
1255
1256 if (bn != bitnamesbuf)
1257 bitnamesbuf[0] = '\0';
1258 len = strlen(bitnamesbuf);
1259 if (shunt != 0)
1260 {
1261 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
1262 , policy_shunt_names[shunt]);
1263 len += strlen(bitnamesbuf + len);
1264 }
1265 if (fail != 0)
1266 {
1267 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
1268 , policy_fail_names[fail]);
1269 len += strlen(bitnamesbuf + len);
1270 }
1271 if (NEVER_NEGOTIATE(policy))
1272 {
1273 snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
1274 len += strlen(bitnamesbuf + len);
1275 }
1276 return bitnamesbuf;
1277 }
1278
1279 /* test a set by seeing if all bits have names */
1280
1281 bool
1282 testset(const char *const table[], lset_t val)
1283 {
1284 lset_t bit;
1285 const char *const *tp;
1286
1287 for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
1288 {
1289 const char *n = *tp;
1290
1291 if (n == NULL || ((val & bit) && *n == '\0'))
1292 return FALSE;
1293 val &= ~bit;
1294 }
1295 return TRUE;
1296 }
1297
1298
1299 const char sparse_end[] = "end of sparse names";
1300
1301 /* look up enum names in a sparse_names */
1302 const char *sparse_name(sparse_names sd, unsigned long val)
1303 {
1304 const struct sparse_name *p;
1305
1306 for (p = sd; p->name != sparse_end; p++)
1307 if (p->val == val)
1308 return p->name;
1309 return NULL;
1310 }
1311
1312 /* find or construct a string to describe an sparse value
1313 * Result may be in STATIC buffer!
1314 */
1315 const char *
1316 sparse_val_show(sparse_names sd, unsigned long val)
1317 {
1318 const char *p = sparse_name(sd, val);
1319
1320 if (p == NULL)
1321 {
1322 static char buf[12]; /* only one! I hope that it is big enough */
1323
1324 snprintf(buf, sizeof(buf), "%lu??", val);
1325 p = buf;
1326 }
1327 return p;
1328 }
1329
1330 void init_constants(void)
1331 {
1332 happy(anyaddr(AF_INET, &ipv4_any));
1333 happy(anyaddr(AF_INET6, &ipv6_any));
1334
1335 happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
1336 happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
1337
1338 happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
1339 happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
1340 }