authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
commit41787e147279ff0695e9d759487266a60b80867b (patch)
tree8f28566c8fd7106c80d2536d2df540dbb4499cc5 /src/pluto/constants.c
parentc3e7f611ea8273c6b3909cb006ade4903a74aad0 (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.3.2)
Diffstat (limited to 'src/pluto/constants.c')
-rw-r--r--src/pluto/constants.c1071
1 files changed, 543 insertions, 528 deletions
diff --git a/src/pluto/constants.c b/src/pluto/constants.c
index 50a75c0aa..adcd77131 100644
--- a/src/pluto/constants.c
+++ b/src/pluto/constants.c
@@ -1,5 +1,6 @@
/* tables of names for values defined in constants.h
- * Copyright (C) 1998-2002 D. Hugh Redelmeier.
+ * Copyright (C) 1998-2002 D. Hugh Redelmeier.
+ * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -10,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: constants.c 4612 2008-11-11 06:37:37Z andreas $
*/
/*
@@ -25,7 +24,6 @@
#include <netinet/in.h>
#include <freeswan.h>
-#include <ipsec_policy.h>
#include "constants.h"
#include "defs.h"
@@ -36,42 +34,36 @@
const char compile_time_interop_options[] = ""
#ifdef THREADS
- " THREADS"
-#endif
-#ifdef LIBCURL
- " LIBCURL"
-#endif
-#ifdef LIBLDAP
- " LIBLDAP"
+ " THREADS"
#endif
#ifdef SMARTCARD
- " SMARTCARD"
+ " SMARTCARD"
#endif
#ifdef VENDORID
- " VENDORID"
+ " VENDORID"
#endif
#ifdef CISCO_QUIRKS
- " CISCO_QUIRKS"
+ " CISCO_QUIRKS"
#endif
#ifdef USE_KEYRR
- " KEYRR"
+ " KEYRR"
#endif
- ;
+ ;
/* version */
static const char *const version_name[] = {
- "ISAKMP Version 1.0",
+ "ISAKMP Version 1.0",
};
enum_names version_names =
- { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
- ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
- version_name, NULL };
+ { ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
+ ISAKMP_MAJOR_VERSION<<ISA_MAJ_SHIFT | ISAKMP_MINOR_VERSION,
+ version_name, NULL };
/* RFC 2459 CRL reason codes */
-static const char *const crl_reason_name[] = {
+ENUM(crl_reason_names, REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL,
"unspecified",
"key compromise",
"ca compromise",
@@ -81,26 +73,20 @@ static const char *const crl_reason_name[] = {
"certificate hold",
"reason #7",
"remove from crl"
- };
-
-enum_names crl_reason_names =
- { REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL, crl_reason_name, NULL};
+);
/* RFC 3706 Dead Peer Detection */
-static const char *const dpd_action_name[] = {
+ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART,
"none",
"clear",
"hold",
"restart"
- };
-
-enum_names dpd_action_names =
- { DPD_ACTION_NONE, DPD_ACTION_RESTART, dpd_action_name, NULL};
-
+);
+
/* Timer events */
-static const char *const timer_event_name[] = {
+ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY,
"EVENT_NULL",
"EVENT_REINIT_SECRET",
"EVENT_SHUNT_SCAN",
@@ -113,16 +99,13 @@ static const char *const timer_event_name[] = {
"EVENT_DPD",
"EVENT_DPD_TIMEOUT",
"EVENT_LOG_DAILY"
- };
-
-enum_names timer_event_names =
- { EVENT_NULL, EVENT_LOG_DAILY, timer_event_name, NULL };
+);
/* Domain of Interpretation */
static const char *const doi_name[] = {
- "ISAKMP_DOI_ISAKMP",
- "ISAKMP_DOI_IPSEC",
+ "ISAKMP_DOI_ISAKMP",
+ "ISAKMP_DOI_IPSEC",
};
enum_names doi_names = { ISAKMP_DOI_ISAKMP, ISAKMP_DOI_IPSEC, doi_name, NULL };
@@ -155,7 +138,7 @@ const char *const debug_bit_names[] = {
"impair-bust-mr2",
NULL
- };
+};
#endif
/* State of exchanges */
@@ -197,78 +180,78 @@ static const char *const state_name[] = {
"STATE_MODE_CFG_R4",
"STATE_IKE_ROOF"
- };
+};
enum_names state_names =
- { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
+ { STATE_MAIN_R0, STATE_IKE_ROOF-1, state_name, NULL };
/* story for state */
const char *const state_story[] = {
- "expecting MI1", /* STATE_MAIN_R0 */
- "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
- "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
- "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
- "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
- "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
- "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
- "ISAKMP SA established", /* STATE_MAIN_I4 */
-
- "expecting QI1", /* STATE_QUICK_R0 */
- "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
- "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
- "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
- "IPsec SA established", /* STATE_QUICK_R2 */
-
- "got Informational Message in clear", /* STATE_INFO */
- "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
-
- "expecting XAUTH request", /* STATE_XAUTH_I0 */
- "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
- "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
- "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
- "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
- "received XAUTH ack, established", /* STATE_XAUTH_R3 */
-
- "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
+ "expecting MI1", /* STATE_MAIN_R0 */
+ "sent MI1, expecting MR1", /* STATE_MAIN_I1 */
+ "sent MR1, expecting MI2", /* STATE_MAIN_R1 */
+ "sent MI2, expecting MR2", /* STATE_MAIN_I2 */
+ "sent MR2, expecting MI3", /* STATE_MAIN_R2 */
+ "sent MI3, expecting MR3", /* STATE_MAIN_I3 */
+ "sent MR3, ISAKMP SA established", /* STATE_MAIN_R3 */
+ "ISAKMP SA established", /* STATE_MAIN_I4 */
+
+ "expecting QI1", /* STATE_QUICK_R0 */
+ "sent QI1, expecting QR1", /* STATE_QUICK_I1 */
+ "sent QR1, inbound IPsec SA installed, expecting QI2", /* STATE_QUICK_R1 */
+ "sent QI2, IPsec SA established", /* STATE_QUICK_I2 */
+ "IPsec SA established", /* STATE_QUICK_R2 */
+
+ "got Informational Message in clear", /* STATE_INFO */
+ "got encrypted Informational Message", /* STATE_INFO_PROTECTED */
+
+ "expecting XAUTH request", /* STATE_XAUTH_I0 */
+ "sent XAUTH request, expecting reply", /* STATE_XAUTH_R1 */
+ "sent XAUTH reply, expecting status", /* STATE_XAUTH_I1 */
+ "sent XAUTH status, expecting ack", /* STATE_XAUTH_R2 */
+ "sent XAUTH ack, established", /* STATE_XAUTH_I2 */
+ "received XAUTH ack, established", /* STATE_XAUTH_R3 */
+
+ "expecting ModeCfg request", /* STATE_MODE_CFG_R0 */
"sent ModeCfg request, expecting reply", /* STATE_MODE_CFG_I1 */
- "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
- "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
+ "sent ModeCfg reply, established", /* STATE_MODE_CFG_R1 */
+ "received ModeCfg reply, established", /* STATE_MODE_CFG_I2 */
- "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
- "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
- "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
- "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
- };
+ "expecting ModeCfg set", /* STATE_MODE_CFG_I0 */
+ "sent ModeCfg set, expecting ack", /* STATE_MODE_CFG_R3 */
+ "sent ModeCfg ack, established", /* STATE_MODE_CFG_I3 */
+ "received ModeCfg ack, established", /* STATE_MODE_CFG_R4 */
+};
/* kind of struct connection */
static const char *const connection_kind_name[] = {
- "CK_GROUP", /* policy group: instantiates to template */
- "CK_TEMPLATE", /* abstract connection, with wildcard */
- "CK_PERMANENT", /* normal connection */
- "CK_INSTANCE", /* instance of template, created for a particular attempt */
- "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
+ "CK_GROUP", /* policy group: instantiates to template */
+ "CK_TEMPLATE", /* abstract connection, with wildcard */
+ "CK_PERMANENT", /* normal connection */
+ "CK_INSTANCE", /* instance of template, created for a particular attempt */
+ "CK_GOING_AWAY" /* instance being deleted -- don't delete again */
};
enum_names connection_kind_names =
- { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
+ { CK_GROUP, CK_GOING_AWAY, connection_kind_name, NULL };
/* routing status names */
static const char *const routing_story_strings[] = {
- "unrouted", /* RT_UNROUTED: unrouted */
- "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
- "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
- "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
- "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
- "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
- "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
- "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
- };
+ "unrouted", /* RT_UNROUTED: unrouted */
+ "unrouted HOLD", /* RT_UNROUTED_HOLD: unrouted, but HOLD shunt installed */
+ "eroute eclipsed", /* RT_ROUTED_ECLIPSED: RT_ROUTED_PROSPECTIVE except bare HOLD or instance has eroute */
+ "prospective erouted", /* RT_ROUTED_PROSPECTIVE: routed, and prospective shunt installed */
+ "erouted HOLD", /* RT_ROUTED_HOLD: routed, and HOLD shunt installed */
+ "fail erouted", /* RT_ROUTED_FAILURE: routed, and failure-context shunt eroute installed */
+ "erouted", /* RT_ROUTED_TUNNEL: routed, and erouted to an IPSEC SA group */
+ "keyed, unrouted", /* RT_UNROUTED_KEYED: was routed+keyed, but it got turned into an outer policy */
+};
enum_names routing_story =
- { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
+ { RT_UNROUTED, RT_ROUTED_TUNNEL, routing_story_strings, NULL};
/* Payload types (RFC 2408 "ISAKMP" section 3.1) */
@@ -296,16 +279,18 @@ const char *const payload_name[] = {
"ISAKMP_NEXT_NAT-D",
"ISAKMP_NEXT_NAT-OA",
NULL
- };
+};
-const char *const payload_name_nat_d[] = { "ISAKMP_NEXT_NAT-D",
- "ISAKMP_NEXT_NAT-OA", NULL };
+const char *const payload_name_nat_d[] = {
+ "ISAKMP_NEXT_NAT-D",
+ "ISAKMP_NEXT_NAT-OA", NULL
+};
static enum_names payload_names_nat_d =
{ ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
-
+
enum_names payload_names =
- { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
+ { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d };
/* Exchange types (note: two discontinuous ranges) */
@@ -317,26 +302,26 @@ static const char *const exchange_name[] = {
"ISAKMP_XCHG_AGGR",
"ISAKMP_XCHG_INFO",
"ISAKMP_XCHG_MODE_CFG",
- };
+};
static const char *const exchange_name2[] = {
"ISAKMP_XCHG_QUICK",
"ISAKMP_XCHG_NGRP",
"ISAKMP_XCHG_ACK_INFO",
- };
+};
static enum_names exchange_desc2 =
- { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
+ { ISAKMP_XCHG_QUICK, ISAKMP_XCHG_ACK_INFO, exchange_name2, NULL };
enum_names exchange_names =
- { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
+ { ISAKMP_XCHG_NONE, ISAKMP_XCHG_MODE_CFG, exchange_name, &exchange_desc2 };
/* Flag BITS */
const char *const flag_bit_names[] = {
"ISAKMP_FLAG_ENCRYPTION",
"ISAKMP_FLAG_COMMIT",
NULL
- };
+};
/* Situation BITS definition for IPsec DOI */
@@ -345,7 +330,7 @@ const char *const sit_bit_names[] = {
"SIT_SECRECY",
"SIT_INTEGRITY",
NULL
- };
+};
/* Protocol IDs (RFC 2407 "IPsec DOI" section 4.4.1) */
@@ -354,78 +339,74 @@ static const char *const protocol_name[] = {
"PROTO_IPSEC_AH",
"PROTO_IPSEC_ESP",
"PROTO_IPCOMP",
- };
+};
enum_names protocol_names =
- { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
+ { PROTO_ISAKMP, PROTO_IPCOMP, protocol_name, NULL };
/* IPsec ISAKMP transform values */
static const char *const isakmp_transform_name[] = {
"KEY_IKE",
- };
+};
enum_names isakmp_transformid_names =
- { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
+ { KEY_IKE, KEY_IKE, isakmp_transform_name, NULL };
/* IPsec AH transform values */
static const char *const ah_transform_name[] = {
- "AH_MD5",
- "AH_SHA",
- "AH_DES",
- "AH_SHA2_256",
- "AH_SHA2_384",
- "AH_SHA2_512",
- "AH_RIPEMD",
- "AH_AES_XCBC_MAC",
- "AH_RSA"
- };
+ "HMAC_MD5",
+ "HMAC_SHA1",
+ "DES_MAC",
+ "HMAC_SHA2_256",
+ "HMAC_SHA2_384",
+ "HMAC_SHA2_512",
+ "HMAC_RIPEMD",
+ "AES_XCBC_96",
+ "SIG_RSA"
+};
enum_names ah_transformid_names =
- { AH_MD5, AH_RSA, ah_transform_name, NULL };
+ { AH_MD5, AH_RSA, ah_transform_name, NULL };
/* IPsec ESP transform values */
static const char *const esp_transform_name[] = {
- "ESP_DES_IV64",
- "ESP_DES",
- "ESP_3DES",
- "ESP_RC5",
- "ESP_IDEA",
- "ESP_CAST",
- "ESP_BLOWFISH",
- "ESP_3IDEA",
- "ESP_DES_IV32",
- "ESP_RC4",
- "ESP_NULL",
- "ESP_AES",
- "ESP_AES-CTR",
- "ESP_AES-CCM_8",
- "ESP_AES-CCM_12",
- "ESP_AES-CCM_16",
- "ESP_UNASSIGNED_17",
- "ESP_AES_GCM_8",
- "ESP_AES_GCM_12",
- "ESP_AES_GCM_16",
- "ESP_SEED_CBC",
- "ESP_CAMELLIA"
- };
+ "DES_IV64",
+ "DES_CBC",
+ "3DES_CBC",
+ "RC5_CBC",
+ "IDEA_CBC",
+ "CAST_CBC",
+ "BLOWFISH_CBC",
+ "3IDEA",
+ "DES_IV32",
+ "RC4",
+ "NULL",
+ "AES_CBC",
+ "AES_CTR",
+ "AES_CCM_8",
+ "AES_CCM_12",
+ "AES_CCM_16",
+ "UNASSIGNED_17",
+ "AES_GCM_8",
+ "AES_GCM_12",
+ "AES_GCM_16",
+ "SEED_CBC",
+ "CAMELLIA_CBC"
+};
-/*
- * ipsec drafts suggest "high" ESP ids values for testing,
- * assign generic ESP_ID<num> if not officially defined
- */
static const char *const esp_transform_name_high[] = {
- "ESP_SERPENT",
- "ESP_TWOFISH"
- };
+ "SERPENT_CBC",
+ "TWOFISH_CBC"
+};
enum_names esp_transformid_names_high =
- { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
+ { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
enum_names esp_transformid_names =
- { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
+ { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high };
/* IPCOMP transform values */
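Review bot: The renamed `esp_transform_name` entry for ESP_NULL is now the bare string `"NULL"`, and `extended_auth_alg_name` in the `@@ -670,55 +647,55 @@` hunk does the same for AUTH_ALGORITHM_NULL. If these strings reach the logs through the name lookup (not visible on this page), a proposal with no encryption or no integrity algorithm prints as plain NULL, which reads like a missing value rather than a negotiated null transform. At minimum I would annotate the entries, e.g. `"NULL", /* ESP_NULL: no confidentiality */`. Log-matching rules written against the old `ESP_*`, `AH_*` and `AUTH_ALGORITHM_*` names will also stop matching after this rename. The hunk also drops the comment above `esp_transform_name_high`; a one-line replacement such as `/* ESP ids above the assigned range, taken from drafts */` would keep the reason for the second table visible.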
@@ -434,10 +415,10 @@ static const char *const ipcomp_transform_name[] = {
"IPCOMP_DEFLAT",
"IPCOMP_LZS",
"IPCOMP_LZJH",
- };
+};
enum_names ipcomp_transformid_names =
- { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
+ { IPCOMP_OUI, IPCOMP_LZJH, ipcomp_transform_name, NULL };
/* Identification type values */
@@ -453,10 +434,10 @@ static const char *const ident_name[] = {
"ID_DER_ASN1_DN",
"ID_DER_ASN1_GN",
"ID_KEY_ID",
- };
+};
enum_names ident_names =
- { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
+ { ID_IPV4_ADDR, ID_KEY_ID, ident_name, NULL };
/* Certificate type values */
@@ -472,21 +453,18 @@ static const char *const cert_type_name[] = {
"CERT_ARL",
"CERT_SPKI",
"CERT_X509_ATTRIBUTE",
- };
+};
enum_names cert_type_names =
- { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
+ { CERT_NONE, CERT_X509_ATTRIBUTE, cert_type_name, NULL };
/* Certificate policy names */
-static const char *const cert_policy_name[] = {
+ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
"ALWAYS_SEND",
"SEND_IF_ASKED",
"NEVER_SEND",
- };
-
-enum_names cert_policy_names =
- { CERT_ALWAYS_SEND, CERT_NEVER_SEND, cert_policy_name, NULL };
+);
/* Goal BITs for establishing an SA
* Note: we drop the POLICY_ prefix so that logs are more concise.
@@ -494,7 +472,7 @@ enum_names cert_policy_names =
const char *const sa_policy_bit_names[] = {
"PSK",
- "RSASIG",
+ "PUBKEY",
"ENCRYPT",
"AUTHENTICATE",
"COMPRESS",
@@ -517,24 +495,23 @@ const char *const sa_policy_bit_names[] = {
"DONTREAUTH",
"BEET",
"MOBIKE",
- "ECDSA",
"PROXY",
NULL
- };
+};
const char *const policy_shunt_names[4] = {
"TRAP",
"PASS",
"DROP",
"REJECT",
- };
+};
const char *const policy_fail_names[4] = {
"NONE",
"PASS",
"DROP",
"REJECT",
- };
+};
/* Oakley transform attributes
* oakley_attr_bit_names does double duty: it is used for enum names
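Review bot: `sa_policy_bit_names` appears to be indexed by bit position, so deleting `"ECDSA"` ahead of `"PROXY"` moves PROXY down one position. Unless the corresponding POLICY_ bit was removed from constants.h in the same change (this page is limited to constants.c, so that cannot be confirmed here), every name after the gap is printed for the wrong bit and the logged policy no longer matches the enforced one. The `"RSASIG"` to `"PUBKEY"` rename in the preceding hunk depends on the header in the same way. A comment at the array would make the coupling explicit: `/* order must match the POLICY_* bit positions in constants.h */`. The array starts above this hunk, so its earlier entries are not visible.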
@@ -560,7 +537,7 @@ const char *const oakley_attr_bit_names[] = {
"OAKLEY_GROUP_ORDER",
"OAKLEY_BLOCK_SIZE",
NULL
- };
+};
static const char *const oakley_var_attr_name[] = {
"OAKLEY_GROUP_PRIME (variable length)",
@@ -574,36 +551,36 @@ static const char *const oakley_var_attr_name[] = {
NULL,
NULL,
"OAKLEY_GROUP_ORDER (variable length)",
- };
+};
static enum_names oakley_attr_desc_tv = {
- OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
- OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
+ OAKLEY_ENCRYPTION_ALGORITHM + ISAKMP_ATTR_AF_TV,
+ OAKLEY_GROUP_ORDER + ISAKMP_ATTR_AF_TV, oakley_attr_bit_names, NULL };
enum_names oakley_attr_names = {
- OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
- oakley_var_attr_name, &oakley_attr_desc_tv };
+ OAKLEY_GROUP_PRIME, OAKLEY_GROUP_ORDER,
+ oakley_var_attr_name, &oakley_attr_desc_tv };
/* for each Oakley attribute, which enum_names describes its values? */
enum_names *oakley_attr_val_descs[] = {
- NULL, /* (none) */
- &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
- &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
- &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
- &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
+ NULL, /* (none) */
+ &oakley_enc_names, /* OAKLEY_ENCRYPTION_ALGORITHM */
+ &oakley_hash_names, /* OAKLEY_HASH_ALGORITHM */
+ &oakley_auth_names, /* OAKLEY_AUTHENTICATION_METHOD */
+ &oakley_group_names, /* OAKLEY_GROUP_DESCRIPTION */
&oakley_group_type_names,/* OAKLEY_GROUP_TYPE */
- NULL, /* OAKLEY_GROUP_PRIME */
- NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
- NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
- NULL, /* OAKLEY_GROUP_CURVE_A */
- NULL, /* OAKLEY_GROUP_CURVE_B */
- &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
- NULL, /* OAKLEY_LIFE_DURATION */
- &oakley_prf_names, /* OAKLEY_PRF */
- NULL, /* OAKLEY_KEY_LENGTH */
- NULL, /* OAKLEY_FIELD_SIZE */
- NULL, /* OAKLEY_GROUP_ORDER */
- };
+ NULL, /* OAKLEY_GROUP_PRIME */
+ NULL, /* OAKLEY_GROUP_GENERATOR_ONE */
+ NULL, /* OAKLEY_GROUP_GENERATOR_TWO */
+ NULL, /* OAKLEY_GROUP_CURVE_A */
+ NULL, /* OAKLEY_GROUP_CURVE_B */
+ &oakley_lifetime_names, /* OAKLEY_LIFE_TYPE */
+ NULL, /* OAKLEY_LIFE_DURATION */
+ &oakley_prf_names, /* OAKLEY_PRF */
+ NULL, /* OAKLEY_KEY_LENGTH */
+ NULL, /* OAKLEY_FIELD_SIZE */
+ NULL, /* OAKLEY_GROUP_ORDER */
+};
/* IPsec DOI attributes (RFC 2407 "IPsec DOI" section 4.5) */
@@ -617,7 +594,7 @@ static const char *const ipsec_attr_name[] = {
"KEY_ROUNDS",
"COMPRESS_DICT_SIZE",
"COMPRESS_PRIVATE_ALG",
- };
+};
static const char *const ipsec_var_attr_name[] = {
"SA_LIFE_DURATION (variable length)",
@@ -628,40 +605,40 @@ static const char *const ipsec_var_attr_name[] = {
NULL,
NULL,
"COMPRESS_PRIVATE_ALG (variable length)",
- };
+};
static enum_names ipsec_attr_desc_tv = {
- SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
- COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
- ipsec_attr_name, NULL };
+ SA_LIFE_TYPE + ISAKMP_ATTR_AF_TV,
+ COMPRESS_PRIVATE_ALG + ISAKMP_ATTR_AF_TV,
+ ipsec_attr_name, NULL };
enum_names ipsec_attr_names = {
- SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
- ipsec_var_attr_name, &ipsec_attr_desc_tv };
+ SA_LIFE_DURATION, COMPRESS_PRIVATE_ALG,
+ ipsec_var_attr_name, &ipsec_attr_desc_tv };
/* for each IPsec attribute, which enum_names describes its values? */
enum_names *ipsec_attr_val_descs[] = {
- NULL, /* (none) */
- &sa_lifetime_names, /* SA_LIFE_TYPE */
- NULL, /* SA_LIFE_DURATION */
- &oakley_group_names, /* GROUP_DESCRIPTION */
- &enc_mode_names, /* ENCAPSULATION_MODE */
- &auth_alg_names, /* AUTH_ALGORITHM */
- NULL, /* KEY_LENGTH */
- NULL, /* KEY_ROUNDS */
- NULL, /* COMPRESS_DICT_SIZE */
- NULL, /* COMPRESS_PRIVATE_ALG */
- };
+ NULL, /* (none) */
+ &sa_lifetime_names, /* SA_LIFE_TYPE */
+ NULL, /* SA_LIFE_DURATION */
+ &oakley_group_names, /* GROUP_DESCRIPTION */
+ &enc_mode_names, /* ENCAPSULATION_MODE */
+ &auth_alg_names, /* AUTH_ALGORITHM */
+ NULL, /* KEY_LENGTH */
+ NULL, /* KEY_ROUNDS */
+ NULL, /* COMPRESS_DICT_SIZE */
+ NULL, /* COMPRESS_PRIVATE_ALG */
+};
/* SA Lifetime Type attribute */
static const char *const sa_lifetime_name[] = {
"SA_LIFE_TYPE_SECONDS",
"SA_LIFE_TYPE_KBYTES",
- };
+};
enum_names sa_lifetime_names =
- { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
+ { SA_LIFE_TYPE_SECONDS, SA_LIFE_TYPE_KBYTES, sa_lifetime_name, NULL };
/* Encapsulation Mode attribute */
@@ -670,55 +647,55 @@ static const char *const enc_mode_name[] = {
"ENCAPSULATION_MODE_TRANSPORT",
"ENCAPSULATION_MODE_UDP_TUNNEL",
"ENCAPSULATION_MODE_UDP_TRANSPORT",
- };
+};
static const char *const enc_udp_mode_name[] = {
- "ENCAPSULATION_MODE_UDP_TUNNEL",
- "ENCAPSULATION_MODE_UDP_TRANSPORT",
- };
+ "ENCAPSULATION_MODE_UDP_TUNNEL",
+ "ENCAPSULATION_MODE_UDP_TRANSPORT",
+ };
static enum_names enc_udp_mode_names =
- { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
+ { ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS, ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS, enc_udp_mode_name, NULL };
enum_names enc_mode_names =
- { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
+ { ENCAPSULATION_MODE_TUNNEL, ENCAPSULATION_MODE_UDP_TRANSPORT_RFC, enc_mode_name, &enc_udp_mode_names };
/* Auth Algorithm attribute */
static const char *const auth_alg_name[] = {
- "AUTH_ALGORITHM_HMAC_MD5",
- "AUTH_ALGORITHM_HMAC_SHA1",
- "AUTH_ALGORITHM_DES_MAC",
- "AUTH_ALGORITHM_KPDK",
- "AUTH_ALGORITHM_HMAC_SHA2_256",
- "AUTH_ALGORITHM_HMAC_SHA2_384",
- "AUTH_ALGORITHM_HMAC_SHA2_512",
- "AUTH_ALGORITHM_HMAC_RIPEMD",
- "AUTH_ALGORITHM_AES_XCBC_MAC",
- "AUTH_ALGORITHM_SIG_RSA"
- };
+ "HMAC_MD5",
+ "HMAC_SHA1",
+ "DES_MAC",
+ "KPDK",
+ "HMAC_SHA2_256",
+ "HMAC_SHA2_384",
+ "HMAC_SHA2_512",
+ "HMAC_RIPEMD",
+ "AES_XCBC_96",
+ "SIG_RSA"
+};
static const char *const extended_auth_alg_name[] = {
- "AUTH_ALGORITHM_NULL"
- };
+ "NULL"
+ };
enum_names extended_auth_alg_names =
- { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
+ { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
enum_names auth_alg_names =
- { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
- , &extended_auth_alg_names };
+ { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
+ , &extended_auth_alg_names };
/* From draft-beaulieu-ike-xauth */
static const char *const xauth_type_name[] = {
- "Generic",
- "RADIUS-CHAP",
- "OTP",
- "S/KEY",
+ "Generic",
+ "RADIUS-CHAP",
+ "OTP",
+ "S/KEY",
};
enum_names xauth_type_names =
- { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
+ { XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
/* From draft-beaulieu-ike-xauth */
static const char *const xauth_attr_tv_name[] = {
@@ -730,11 +707,11 @@ static const char *const xauth_attr_tv_name[] = {
NULL,
NULL,
"XAUTH_STATUS",
- };
+};
enum_names xauth_attr_tv_names = {
- XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
- XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
+ XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
+ XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
static const char *const unity_attr_name[] = {
"UNITY_BANNER",
@@ -751,8 +728,15 @@ static const char *const unity_attr_name[] = {
};
enum_names unity_attr_names =
- { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
+ { UNITY_BANNER , UNITY_DDNS_HOSTNAME, unity_attr_name , &xauth_attr_tv_names };
+static const char *const microsoft_attr_name[] = {
+ "INTERNAL_IP4_SERVER",
+ "INTERNAL_IP6_SERVER",
+};
+
+enum_names microsoft_attr_names =
+ { INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, microsoft_attr_name , &unity_attr_names };
static const char *const xauth_attr_name[] = {
"XAUTH_USER_NAME",
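Review bot: `microsoft_attr_name` is added without the kind of origin comment its neighbours carry (compare `/* From draft-beaulieu-ike-xauth */`). Its two-entry table is only correct if INTERNAL_IP6_SERVER is exactly INTERNAL_IP4_SERVER + 1 in constants.h, which this page does not show. I would add something like `/* vendor-specific ModeCfg attributes; the two values must be consecutive */` above the array, adjusted to whatever the header actually documents. The table only becomes reachable when the next hunk repoints `xauth_attr_names` at `&microsoft_attr_names`, so both changes must land together to keep the chain through `unity_attr_names` intact.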
@@ -764,10 +748,10 @@ static const char *const xauth_attr_name[] = {
"XAUTH_STATUS (wrong TLV syntax, should be TV)",
"XAUTH_NEXT_PIN",
"XAUTH_ANSWER",
- };
+};
enum_names xauth_attr_names =
- { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &unity_attr_names };
+ { XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &microsoft_attr_names };
static const char *const modecfg_attr_name[] = {
"INTERNAL_IP4_ADDRESS",
@@ -785,97 +769,104 @@ static const char *const modecfg_attr_name[] = {
"INTERNAL_IP4_SUBNET",
"SUPPORTED_ATTRIBUTES",
"INTERNAL_IP6_SUBNET",
- };
+};
enum_names modecfg_attr_names =
- { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
+ { INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
/* Oakley Lifetime Type attribute */
static const char *const oakley_lifetime_name[] = {
"OAKLEY_LIFE_SECONDS",
"OAKLEY_LIFE_KILOBYTES",
- };
+};
enum_names oakley_lifetime_names =
- { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
+ { OAKLEY_LIFE_SECONDS, OAKLEY_LIFE_KILOBYTES, oakley_lifetime_name, NULL };
/* Oakley PRF attribute (none defined) */
enum_names oakley_prf_names =
- { 1, 0, NULL, NULL };
+ { 1, 0, NULL, NULL };
/* Oakley Encryption Algorithm attribute */
static const char *const oakley_enc_name[] = {
- "OAKLEY_DES_CBC",
- "OAKLEY_IDEA_CBC",
- "OAKLEY_BLOWFISH_CBC",
- "OAKLEY_RC5_R16_B64_CBC",
- "OAKLEY_3DES_CBC",
- "OAKLEY_CAST_CBC",
- "OAKLEY_AES_CBC",
- };
+ "DES_CBC",
+ "IDEA_CBC",
+ "BLOWFISH_CBC",
+ "RC5_R16_B64_CBC",
+ "3DES_CBC",
+ "CAST_CBC",
+ "AES_CBC",
+ "CAMELLIA_CBC"
+};
#ifdef NO_EXTRA_IKE
enum_names oakley_enc_names =
- { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name, NULL };
+ { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name, NULL };
#else
static const char *const oakley_enc_name_draft_aes_cbc_02[] = {
- "OAKLEY_MARS_CBC" /* 65001 */,
- "OAKLEY_RC6_CBC" /* 65002 */,
- "OAKLEY_ID_65003" /* 65003 */,
- "OAKLEY_SERPENT_CBC" /* 65004 */,
- "OAKLEY_TWOFISH_CBC" /* 65005 */,
+ "MARS_CBC" /* 65001 */,
+ "RC6_CBC" /* 65002 */,
+ "ID_65003" /* 65003 */,
+ "SERPENT_CBC" /* 65004 */,
+ "TWOFISH_CBC" /* 65005 */,
};
+
static const char *const oakley_enc_name_ssh[] = {
- "OAKLEY_TWOFISH_CBC_SSH",
+ "TWOFISH_CBC_SSH",
};
+
enum_names oakley_enc_names_ssh =
- { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
- , NULL };
+ { OAKLEY_TWOFISH_CBC_SSH, OAKLEY_TWOFISH_CBC_SSH, oakley_enc_name_ssh
+ , NULL };
enum_names oakley_enc_names_draft_aes_cbc_02 =
- { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
- , &oakley_enc_names_ssh };
+ { OAKLEY_MARS_CBC, OAKLEY_TWOFISH_CBC, oakley_enc_name_draft_aes_cbc_02
+ , &oakley_enc_names_ssh };
enum_names oakley_enc_names =
- { OAKLEY_DES_CBC, OAKLEY_AES_CBC, oakley_enc_name
- , &oakley_enc_names_draft_aes_cbc_02 };
+ { OAKLEY_DES_CBC, OAKLEY_CAMELLIA_CBC, oakley_enc_name
+ , &oakley_enc_names_draft_aes_cbc_02 };
#endif
/* Oakley Hash Algorithm attribute */
static const char *const oakley_hash_name[] = {
- "OAKLEY_MD5",
- "OAKLEY_SHA",
- "OAKLEY_TIGER",
- "OAKLEY_SHA2_256",
- "OAKLEY_SHA2_384",
- "OAKLEY_SHA2_512",
- };
+ "HMAC_MD5",
+ "HMAC_SHA1",
+ "HMAC_TIGER",
+ "HMAC_SHA2_256",
+ "HMAC_SHA2_384",
+ "HMAC_SHA2_512",
+};
enum_names oakley_hash_names =
- { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
+ { OAKLEY_MD5, OAKLEY_SHA2_512, oakley_hash_name, NULL };
/* Oakley Authentication Method attribute */
static const char *const oakley_auth_name1[] = {
- "OAKLEY_PRESHARED_KEY",
- "OAKLEY_DSS_SIG",
- "OAKLEY_RSA_SIG",
- "OAKLEY_RSA_ENC",
- "OAKLEY_RSA_ENC_REV",
- "OAKLEY_ELGAMAL_ENC",
- "OAKLEY_ELGAMAL_ENC_REV",
- };
+ "pre-shared key",
+ "DSS signature",
+ "RSA signature",
+ "RSA encryption",
+ "RSA encryption revised",
+ "ElGamal encryption",
+ "ELGamal encryption revised",
+ "ECDSA signature",
+ "ECDSA-256 signature",
+ "ECDSA-384 signature",
+ "ECDSA-521-signature",
+};
static const char *const oakley_auth_name2[] = {
"HybridInitRSA",
"HybridRespRSA",
"HybridInitDSS",
"HybridRespDSS",
- };
+};
static const char *const oakley_auth_name3[] = {
"XAUTHInitPreShared",
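Review bot: Two of the new `oakley_auth_name1` strings are inconsistent with their neighbours. `"ELGamal encryption revised"` capitalises the L, unlike `"ElGamal encryption"` one line above, and `"ECDSA-521-signature"` has a hyphen where the three entries before it use a space. These strings are presumably what the daemon prints for the negotiated authentication method, so log parsing or alerting on them would have to special-case the misspellings. Suggested: `"ElGamal encryption revised",` and `"ECDSA-521 signature",`. Separately, `oakley_hash_name` now labels the hash attribute values `HMAC_*`; a short comment saying why a hash identifier is displayed under an HMAC name would save readers from assuming a different attribute is being shown.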
@@ -888,44 +879,64 @@ static const char *const oakley_auth_name3[] = {
"XAUTHRespRSAEncryption",
"XAUTHInitRSARevisedEncryption",
"XAUTHRespRSARevisedEncryption",
- };
+};
static enum_names oakley_auth_names1 =
- { OAKLEY_PRESHARED_KEY, OAKLEY_ELGAMAL_ENC_REV
- , oakley_auth_name1, NULL };
+ { OAKLEY_PRESHARED_KEY, OAKLEY_ECDSA_521
+ , oakley_auth_name1, NULL };
static enum_names oakley_auth_names2 =
- { HybridInitRSA, HybridRespDSS
- , oakley_auth_name2, &oakley_auth_names1 };
+ { HybridInitRSA, HybridRespDSS
+ , oakley_auth_name2, &oakley_auth_names1 };
enum_names oakley_auth_names =
- { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
- , oakley_auth_name3, &oakley_auth_names2 };
+ { XAUTHInitPreShared, XAUTHRespRSARevisedEncryption
+ , oakley_auth_name3, &oakley_auth_names2 };
/* Oakley Group Description attribute */
static const char *const oakley_group_name[] = {
- "OAKLEY_GROUP_MODP768",
- "OAKLEY_GROUP_MODP1024",
- "OAKLEY_GROUP_GP155",
- "OAKLEY_GROUP_GP185",
- "OAKLEY_GROUP_MODP1536",
- };
+ "MODP_768",
+ "MODP_1024",
+ "GP_155",
+ "GP_185",
+ "MODP_1536",
+};
static const char *const oakley_group_name_rfc3526[] = {
- "OAKLEY_GROUP_MODP2048",
- "OAKLEY_GROUP_MODP3072",
- "OAKLEY_GROUP_MODP4096",
- "OAKLEY_GROUP_MODP6144",
- "OAKLEY_GROUP_MODP8192"
+ "MODP_2048",
+ "MODP_3072",
+ "MODP_4096",
+ "MODP_6144",
+ "MODP_8192"
+};
+
+static const char *const oakley_group_name_rfc4753[] = {
+ "ECP_256",
+ "ECP_384",
+ "ECP_521"
+};
+
+static const char *const oakley_group_name_rfc5114[] = {
+ "ECP_192",
+ "ECP_224"
};
+
+enum_names oakley_group_names_rfc5114 =
+ { ECP_192_BIT, ECP_224_BIT,
+ oakley_group_name_rfc5114, NULL };
+
+enum_names oakley_group_names_rfc4753 =
+ { ECP_256_BIT, ECP_521_BIT,
+ oakley_group_name_rfc4753, &oakley_group_names_rfc5114 };
+
enum_names oakley_group_names_rfc3526 =
- { OAKLEY_GROUP_MODP2048, OAKLEY_GROUP_MODP8192,
- oakley_group_name_rfc3526, NULL };
+ { MODP_2048_BIT, MODP_8192_BIT,
+ oakley_group_name_rfc3526, &oakley_group_names_rfc4753 };
enum_names oakley_group_names =
- { OAKLEY_GROUP_MODP768, OAKLEY_GROUP_MODP1536,
- oakley_group_name, &oakley_group_names_rfc3526 };
+ { MODP_768_BIT, MODP_1536_BIT,
+ oakley_group_name, &oakley_group_names_rfc3526 };
/* Oakley Group Type attribute */
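Review bot: The upper bound of `oakley_auth_names1` moves to OAKLEY_ECDSA_521 here, but the four strings that make that range valid are added to `oakley_auth_name1` in the previous hunk, and nothing ties the two together at compile time. These tables presumably name values taken from a peer's proposal, so if the lookup indexes the array by value minus the lower bound (the lookup is not on this page), a range wider than its array becomes an out-of-bounds read on network-supplied input. A check such as `_Static_assert(sizeof(oakley_auth_name1) / sizeof(oakley_auth_name1[0]) == OAKLEY_ECDSA_521 - OAKLEY_PRESHARED_KEY + 1, "oakley_auth_name1 size");` would catch drift, assuming the bounds are integer constants and the toolchain accepts C11. The same applies to the new `oakley_group_names_rfc4753` and `oakley_group_names_rfc5114` tables in this hunk and to `oakley_enc_names`, widened to OAKLEY_CAMELLIA_CBC in the previous one.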
@@ -933,10 +944,10 @@ static const char *const oakley_group_type_name[] = {
"OAKLEY_GROUP_TYPE_MODP",
"OAKLEY_GROUP_TYPE_ECP",
"OAKLEY_GROUP_TYPE_EC2N",
- };
+};
enum_names oakley_group_type_names =
- { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
+ { OAKLEY_GROUP_TYPE_MODP, OAKLEY_GROUP_TYPE_EC2N, oakley_group_type_name, NULL };
/* Notify messages -- error types */
@@ -971,38 +982,38 @@ static const char *const notification_name[] = {
"CERTIFICATE_UNAVAILABLE",
"UNSUPPORTED_EXCHANGE_TYPE",
"UNEQUAL_PAYLOAD_LENGTHS",
- };
+};
static const char *const notification_status_name[] = {
"CONNECTED",
- };
+};
static const char *const ipsec_notification_name[] = {
"IPSEC_RESPONDER_LIFETIME",
"IPSEC_REPLAY_STATUS",
"IPSEC_INITIAL_CONTACT",
- };
+};
static const char *const notification_dpd_name[] = {
- "R_U_THERE",
- "R_U_THERE_ACK",
+ "R_U_THERE",
+ "R_U_THERE_ACK",
};
enum_names notification_dpd_names =
- { R_U_THERE, R_U_THERE_ACK,
- notification_dpd_name, NULL };
+ { R_U_THERE, R_U_THERE_ACK,
+ notification_dpd_name, NULL };
enum_names ipsec_notification_names =
- { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
- ipsec_notification_name, &notification_dpd_names };
+ { IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
+ ipsec_notification_name, &notification_dpd_names };
enum_names notification_status_names =
- { CONNECTED, CONNECTED,
- notification_status_name, &ipsec_notification_names };
+ { CONNECTED, CONNECTED,
+ notification_status_name, &ipsec_notification_names };
enum_names notification_names =
- { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
- notification_name, &notification_status_names };
+ { INVALID_PAYLOAD_TYPE, UNEQUAL_PAYLOAD_LENGTHS,
+ notification_name, &notification_status_names };
/* MODECFG
* From draft-dukes-ike-mode-cfg
@@ -1014,20 +1025,20 @@ const char *const attr_msg_type_name[] = {
"ISAKMP_CFG_SET",
"ISAKMP_CFG_ACK",
NULL
- };
+};
enum_names attr_msg_type_names =
- { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
+ { 0 , ISAKMP_CFG_ACK, attr_msg_type_name , NULL };
/* socket address family info */
static const char *const af_inet_name[] = {
"AF_INET",
- };
+};
static const char *const af_inet6_name[] = {
"AF_INET6",
- };
+};
static enum_names af_names6 = { AF_INET6, AF_INET6, af_inet6_name, NULL };
@@ -1045,7 +1056,7 @@ const struct af_info af_inet4_info = {
32,
ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE,
&ipv4_any, &ipv4_wildcard, &ipv4_all,
- };
+};
const struct af_info af_inet6_info = {
AF_INET6,
@@ -1055,29 +1066,28 @@ const struct af_info af_inet6_info = {
128,
ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, ID_IPV6_ADDR_RANGE,
&ipv6_any, &ipv6_wildcard, &ipv6_all,
- };
+};
const struct af_info *
aftoinfo(int af)
{
- switch (af)
- {
- case AF_INET:
- return &af_inet4_info;
- case AF_INET6:
- return &af_inet6_info;
- default:
- return NULL;
- }
+ switch (af)
+ {
+ case AF_INET:
+ return &af_inet4_info;
+ case AF_INET6:
+ return &af_inet6_info;
+ default:
+ return NULL;
+ }
}
-bool
-subnetisnone(const ip_subnet *sn)
+bool subnetisnone(const ip_subnet *sn)
{
- ip_address base;
+ ip_address base;
- networkof(sn, &base);
- return isanyaddr(&base) && subnetishost(sn);
+ networkof(sn, &base);
+ return isanyaddr(&base) && subnetishost(sn);
}
/* BIND enumerated types */
@@ -1085,62 +1095,62 @@ subnetisnone(const ip_subnet *sn)
#include <arpa/nameser.h>
static const char *const rr_type_name[] = {
- "T_A", /* 1 host address */
- "T_NS", /* 2 authoritative server */
- "T_MD", /* 3 mail destination */
- "T_MF", /* 4 mail forwarder */
- "T_CNAME", /* 5 canonical name */
- "T_SOA", /* 6 start of authority zone */
- "T_MB", /* 7 mailbox domain name */
- "T_MG", /* 8 mail group member */
- "T_MR", /* 9 mail rename name */
- "T_NULL", /* 10 null resource record */
- "T_WKS", /* 11 well known service */
- "T_PTR", /* 12 domain name pointer */
- "T_HINFO", /* 13 host information */
- "T_MINFO", /* 14 mailbox information */
- "T_MX", /* 15 mail routing information */
- "T_TXT", /* 16 text strings */
- "T_RP", /* 17 responsible person */
- "T_AFSDB", /* 18 AFS cell database */
- "T_X25", /* 19 X_25 calling address */
- "T_ISDN", /* 20 ISDN calling address */
- "T_RT", /* 21 router */
- "T_NSAP", /* 22 NSAP address */
- "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
- "T_SIG", /* 24 security signature */
- "T_KEY", /* 25 security key */
- "T_PX", /* 26 X.400 mail mapping */
- "T_GPOS", /* 27 geographical position (withdrawn) */
- "T_AAAA", /* 28 IP6 Address */
- "T_LOC", /* 29 Location Information */
- "T_NXT", /* 30 Next Valid Name in Zone */
- "T_EID", /* 31 Endpoint identifier */
- "T_NIMLOC", /* 32 Nimrod locator */
- "T_SRV", /* 33 Server selection */
- "T_ATMA", /* 34 ATM Address */
- "T_NAPTR", /* 35 Naming Authority PoinTeR */
+ "T_A", /* 1 host address */
+ "T_NS", /* 2 authoritative server */
+ "T_MD", /* 3 mail destination */
+ "T_MF", /* 4 mail forwarder */
+ "T_CNAME", /* 5 canonical name */
+ "T_SOA", /* 6 start of authority zone */
+ "T_MB", /* 7 mailbox domain name */
+ "T_MG", /* 8 mail group member */
+ "T_MR", /* 9 mail rename name */
+ "T_NULL", /* 10 null resource record */
+ "T_WKS", /* 11 well known service */
+ "T_PTR", /* 12 domain name pointer */
+ "T_HINFO", /* 13 host information */
+ "T_MINFO", /* 14 mailbox information */
+ "T_MX", /* 15 mail routing information */
+ "T_TXT", /* 16 text strings */
+ "T_RP", /* 17 responsible person */
+ "T_AFSDB", /* 18 AFS cell database */
+ "T_X25", /* 19 X_25 calling address */
+ "T_ISDN", /* 20 ISDN calling address */
+ "T_RT", /* 21 router */
+ "T_NSAP", /* 22 NSAP address */
+ "T_NSAP_PTR", /* 23 reverse NSAP lookup (deprecated) */
+ "T_SIG", /* 24 security signature */
+ "T_KEY", /* 25 security key */
+ "T_PX", /* 26 X.400 mail mapping */
+ "T_GPOS", /* 27 geographical position (withdrawn) */
+ "T_AAAA", /* 28 IP6 Address */
+ "T_LOC", /* 29 Location Information */
+ "T_NXT", /* 30 Next Valid Name in Zone */
+ "T_EID", /* 31 Endpoint identifier */
+ "T_NIMLOC", /* 32 Nimrod locator */
+ "T_SRV", /* 33 Server selection */
+ "T_ATMA", /* 34 ATM Address */
+ "T_NAPTR", /* 35 Naming Authority PoinTeR */
NULL
- };
+};
enum_names rr_type_names = { T_A, T_NAPTR, rr_type_name, NULL };
/* Query type values which do not appear in resource records */
static const char *const rr_qtype_name[] = {
- "T_IXFR", /* 251 incremental zone transfer */
- "T_AXFR", /* 252 transfer zone of authority */
- "T_MAILB", /* 253 transfer mailbox records */
- "T_MAILA", /* 254 transfer mail agent records */
- "T_ANY", /* 255 wildcard match */
+ "T_IXFR", /* 251 incremental zone transfer */
+ "T_AXFR", /* 252 transfer zone of authority */
+ "T_MAILB", /* 253 transfer mailbox records */
+ "T_MAILA", /* 254 transfer mail agent records */
+ "T_ANY", /* 255 wildcard match */
NULL
- };
+};
enum_names rr_qtype_names = { T_IXFR, T_ANY, rr_qtype_name, &rr_type_names };
static const char *const rr_class_name[] = {
- "C_IN", /* 1 the arpa internet */
+ "C_IN", /* 1 the arpa internet */
NULL
- };
+};
enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
@@ -1149,34 +1159,33 @@ enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
*
*/
const char *const natt_type_bitnames[] = {
- "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
- "draft-ietf-ipsec-nat-t-ike-02/03",
- "RFC 3947",
- "3", /* 3 */
- "4", "5", "6", "7",
- "8", "9", "10", "11",
- "12", "13", "14", "15",
- "16", "17", "18", "19",
- "20", "21", "22", "23",
- "24", "25", "26", "27",
- "28", "29",
- "nat is behind me",
- "nat is behind peer"
+ "draft-ietf-ipsec-nat-t-ike-00/01", /* 0 */
+ "draft-ietf-ipsec-nat-t-ike-02/03",
+ "RFC 3947",
+ "3", /* 3 */
+ "4", "5", "6", "7",
+ "8", "9", "10", "11",
+ "12", "13", "14", "15",
+ "16", "17", "18", "19",
+ "20", "21", "22", "23",
+ "24", "25", "26", "27",
+ "28", "29",
+ "nat is behind me",
+ "nat is behind peer"
};
/* look up enum names in an enum_names */
-const char *
-enum_name(enum_names *ed, unsigned long val)
+const char* enum_name(enum_names *ed, unsigned long val)
{
- enum_names *p;
-
- for (p = ed; p != NULL; p = p->en_next_range)
- {
- if (p->en_first <= val && val <= p->en_last)
- return p->en_names[val - p->en_first];
- }
- return NULL;
+ enum_names *p;
+
+ for (p = ed; p != NULL; p = p->en_next_range)
+ {
+ if (p->en_first <= val && val <= p->en_last)
+ return p->en_names[val - p->en_first];
+ }
+ return NULL;
}
/* find or construct a string to describe an enum value
@@ -1185,16 +1194,16 @@ enum_name(enum_names *ed, unsigned long val)
const char *
enum_show(enum_names *ed, unsigned long val)
{
- const char *p = enum_name(ed, val);
+ const char *p = enum_name(ed, val);
- if (p == NULL)
- {
- static char buf[12]; /* only one! I hope that it is big enough */
+ if (p == NULL)
+ {
+ static char buf[12]; /* only one! I hope that it is big enough */
- snprintf(buf, sizeof(buf), "%lu??", val);
- p = buf;
- }
- return p;
+ snprintf(buf, sizeof(buf), "%lu??", val);
+ p = buf;
+ }
+ return p;
}
@@ -1203,123 +1212,126 @@ static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */
int
enum_search(enum_names *ed, const char *str)
{
- enum_names *p;
- const char *ptr;
- unsigned en;
+ enum_names *p;
+ const char *ptr;
+ unsigned en;
- for (p = ed; p != NULL; p = p->en_next_range)
- for (en = p->en_first; en <= p->en_last ;en++)
+ for (p = ed; p != NULL; p = p->en_next_range)
{
- ptr = p->en_names[en - p->en_first];
- if (ptr == 0) continue;
- /* if (strncmp(ptr, str, strlen(ptr))==0) */
- if (strcmp(ptr, str) == 0)
- return en;
+ for (en = p->en_first; en <= p->en_last ;en++)
+ {
+ ptr = p->en_names[en - p->en_first];
+ if (ptr == 0)
+ {
+ continue;
+ }
+ if (streq(ptr, str))
+ {
+ return en;
+ }
+ }
}
- return -1;
+ return -1;
}
/* construct a string to name the bits on in a set
* Result may be in STATIC buffer!
* Note: prettypolicy depends on internal details.
*/
-const char *
-bitnamesof(const char *const table[], lset_t val)
+const char* bitnamesof(const char *const table[], lset_t val)
{
- char *p = bitnamesbuf;
- lset_t bit;
- const char *const *tp;
+ char *p = bitnamesbuf;
+ lset_t bit;
+ const char *const *tp;
- if (val == 0)
- return "none";
+ if (val == 0)
+ return "none";
- for (tp = table, bit = 01; val != 0; bit <<= 1)
- {
- if (val & bit)
+ for (tp = table, bit = 01; val != 0; bit <<= 1)
{
- const char *n = *tp;
- size_t nl;
-
- if (n == NULL || *n == '\0')
- {
- /* no name for this bit, so use hex */
- static char flagbuf[sizeof("0x80000000")];
-
- snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
- n = flagbuf;
- }
-
- nl = strlen(n);
-
- if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
- *p++ = '+';
-
- if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
- {
- strcpy(p, n);
- p += nl;
- }
- val -= bit;
+ if (val & bit)
+ {
+ const char *n = *tp;
+ size_t nl;
+
+ if (n == NULL || *n == '\0')
+ {
+ /* no name for this bit, so use hex */
+ static char flagbuf[sizeof("0x80000000")];
+
+ snprintf(flagbuf, sizeof(flagbuf), "0x%llx", bit);
+ n = flagbuf;
+ }
+
+ nl = strlen(n);
+
+ if (p != bitnamesbuf && p < bitnamesbuf+sizeof(bitnamesbuf) - 1)
+ *p++ = '+';
+
+ if (bitnamesbuf+sizeof(bitnamesbuf) - p > (ptrdiff_t)nl)
+ {
+ strcpy(p, n);
+ p += nl;
+ }
+ val -= bit;
+ }
+ if (*tp != NULL)
+ tp++; /* move on, but not past end */
}
- if (*tp != NULL)
- tp++; /* move on, but not past end */
- }
- *p = '\0';
- return bitnamesbuf;
+ *p = '\0';
+ return bitnamesbuf;
}
/* print a policy: like bitnamesof, but it also does the non-bitfields.
* Suppress the shunt and fail fields if 0.
*/
-const char *
-prettypolicy(lset_t policy)
+const char* prettypolicy(lset_t policy)
{
- const char *bn = bitnamesof(sa_policy_bit_names
- , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
- size_t len;
- lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
- lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
-
- if (bn != bitnamesbuf)
- bitnamesbuf[0] = '\0';
- len = strlen(bitnamesbuf);
- if (shunt != 0)
- {
- snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
- , policy_shunt_names[shunt]);
- len += strlen(bitnamesbuf + len);
- }
- if (fail != 0)
- {
- snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
- , policy_fail_names[fail]);
- len += strlen(bitnamesbuf + len);
- }
- if (NEVER_NEGOTIATE(policy))
- {
- snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
- len += strlen(bitnamesbuf + len);
- }
- return bitnamesbuf;
+ const char *bn = bitnamesof(sa_policy_bit_names
+ , policy & ~(POLICY_SHUNT_MASK | POLICY_FAIL_MASK));
+ size_t len;
+ lset_t shunt = (policy & POLICY_SHUNT_MASK) >> POLICY_SHUNT_SHIFT;
+ lset_t fail = (policy & POLICY_FAIL_MASK) >> POLICY_FAIL_SHIFT;
+
+ if (bn != bitnamesbuf)
+ bitnamesbuf[0] = '\0';
+ len = strlen(bitnamesbuf);
+ if (shunt != 0)
+ {
+ snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+%s"
+ , policy_shunt_names[shunt]);
+ len += strlen(bitnamesbuf + len);
+ }
+ if (fail != 0)
+ {
+ snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+failure%s"
+ , policy_fail_names[fail]);
+ len += strlen(bitnamesbuf + len);
+ }
+ if (NEVER_NEGOTIATE(policy))
+ {
+ snprintf(bitnamesbuf + len, sizeof(bitnamesbuf) - len, "+NEVER_NEGOTIATE");
+ len += strlen(bitnamesbuf + len);
+ }
+ return bitnamesbuf;
}
/* test a set by seeing if all bits have names */
-bool
-testset(const char *const table[], lset_t val)
+bool testset(const char *const table[], lset_t val)
{
- lset_t bit;
- const char *const *tp;
-
- for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
- {
- const char *n = *tp;
-
- if (n == NULL || ((val & bit) && *n == '\0'))
- return FALSE;
- val &= ~bit;
- }
- return TRUE;
+ lset_t bit;
+ const char *const *tp;
+
+ for (tp = table, bit = 01; val != 0; bit <<= 1, tp++)
+ {
+ const char *n = *tp;
+
+ if (n == NULL || ((val & bit) && *n == '\0'))
+ return FALSE;
+ val &= ~bit;
+ }
+ return TRUE;
}
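Review bot: In bitnamesof, `flagbuf` is sized by `sizeof("0x80000000")` (11 bytes) while the fallback name is formatted with `"0x%llx"`, so an unnamed bit above bit 31 is silently truncated by snprintf and shows up as a different, smaller value (bit 32 would print as `0x10000000`). The `%llx` conversion suggests lset_t is wider than 32 bits, although its definition is not visible in this hunk. Sizing the buffer for the full width, `static char flagbuf[sizeof("0x8000000000000000")];`, keeps the logged policy and flag sets accurate.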
@@ -1328,40 +1340,43 @@ const char sparse_end[] = "end of sparse names";
/* look up enum names in a sparse_names */
const char *sparse_name(sparse_names sd, unsigned long val)
{
- const struct sparse_name *p;
+ const struct sparse_name *p;
- for (p = sd; p->name != sparse_end; p++)
- if (p->val == val)
- return p->name;
- return NULL;
+ for (p = sd; p->name != sparse_end; p++)
+ if (p->val == val)
+ return p->name;
+ return NULL;
}
/* find or construct a string to describe an sparse value
* Result may be in STATIC buffer!
*/
-const char *
-sparse_val_show(sparse_names sd, unsigned long val)
+const char* sparse_val_show(sparse_names sd, unsigned long val)
{
- const char *p = sparse_name(sd, val);
+ const char *p = sparse_name(sd, val);
- if (p == NULL)
- {
- static char buf[12]; /* only one! I hope that it is big enough */
+ if (p == NULL)
+ {
+ static char buf[12]; /* only one! I hope that it is big enough */
- snprintf(buf, sizeof(buf), "%lu??", val);
- p = buf;
- }
- return p;
+ snprintf(buf, sizeof(buf), "%lu??", val);
+ p = buf;
+ }
+ return p;
}
void init_constants(void)
{
- happy(anyaddr(AF_INET, &ipv4_any));
- happy(anyaddr(AF_INET6, &ipv6_any));
+ happy(anyaddr(AF_INET, &ipv4_any));
+ happy(anyaddr(AF_INET6, &ipv6_any));
- happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
- happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
+ happy(addrtosubnet(&ipv4_any, &ipv4_wildcard));
+ happy(addrtosubnet(&ipv6_any, &ipv6_wildcard));
- happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
- happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
+ happy(initsubnet(&ipv4_any, 0, '0', &ipv4_all));
+ happy(initsubnet(&ipv6_any, 0, '0', &ipv6_all));
}
+
+u_char secret_of_the_day[HASH_SIZE_SHA1];
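Review bot: The new `secret_of_the_day` at the end of this hunk is a writable global with external linkage and no comment, defined in a file that otherwise holds name tables and lookup helpers. Nothing visible here says who fills or refreshes it, and as a file-scope object it is all zero until something does, so any reader that runs earlier would work with a predictable value. I would add a comment above the definition, for example `/* filled by <initializer, not visible in this hunk> before first use; all-zero until then */`. Its declaration and initialization presumably live in another file and should be reviewed together with this line.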
+
+