1 /* $NetBSD: strnames.c,v 1.13 2025/03/08 16:39:08 christos Exp $ */
2
3 /* $KAME: strnames.c,v 1.25 2003/11/13 10:53:26 itojun Exp $ */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/socket.h>
39
40 #include <netinet/in.h>
41 #include PATH_IPSEC_H
42 #include <netinet/in.h>
43
44 #include <stdio.h>
45 #include <stdlib.h>
46 #ifdef ENABLE_HYBRID
47 #include <resolv.h>
48 #endif
49
50 #include "var.h"
51 #include "misc.h"
52 #include "vmbuf.h"
53 #include "plog.h"
54
55 #include "isakmp_var.h"
56 #include "isakmp.h"
57 #ifdef ENABLE_HYBRID
58 # include "isakmp_xauth.h"
59 # include "isakmp_unity.h"
60 # include "isakmp_cfg.h"
61 #endif
62 #include "ipsec_doi.h"
63 #include "oakley.h"
64 #include "handler.h"
65 #include "pfkey.h"
66 #include "strnames.h"
67 #include "algorithm.h"
68
69 struct ksmap {
70 int key;
71 const char *str;
72 const char *(*f)(int);
73 };
74
75 const char *
num2str(int n)76 num2str(int n)
77 {
78 static char buf[20];
79
80 snprintf(buf, sizeof(buf), "%d", n);
81
82 return buf;
83 }
84
85 /* isakmp.h */
86 const char *
s_isakmp_state(int t,int d,int s)87 s_isakmp_state(int t, int d, int s)
88 {
89 switch (t) {
90 case ISAKMP_ETYPE_AGG:
91 switch (d) {
92 case INITIATOR:
93 switch (s) {
94 case PHASE1ST_MSG1SENT:
95 return "agg I msg1";
96 case PHASE1ST_ESTABLISHED:
97 return "agg I msg2";
98 default:
99 break;
100 }
101 break;
102 case RESPONDER:
103 switch (s) {
104 case PHASE1ST_MSG1SENT:
105 return "agg R msg1";
106 default:
107 break;
108 }
109 break;
110 }
111 break;
112 case ISAKMP_ETYPE_BASE:
113 switch (d) {
114 case INITIATOR:
115 switch (s) {
116 case PHASE1ST_MSG1SENT:
117 return "base I msg1";
118 case PHASE1ST_MSG2SENT:
119 return "base I msg2";
120 default:
121 break;
122 }
123 break;
124 case RESPONDER:
125 switch (s) {
126 case PHASE1ST_MSG1SENT:
127 return "base R msg1";
128 case PHASE1ST_ESTABLISHED:
129 return "base R msg2";
130 default:
131 break;
132 }
133 break;
134 }
135 break;
136 case ISAKMP_ETYPE_IDENT:
137 switch (d) {
138 case INITIATOR:
139 switch (s) {
140 case PHASE1ST_MSG1SENT:
141 return "ident I msg1";
142 case PHASE1ST_MSG2SENT:
143 return "ident I msg2";
144 case PHASE1ST_MSG3SENT:
145 return "ident I msg3";
146 default:
147 break;
148 }
149 break;
150 case RESPONDER:
151 switch (s) {
152 case PHASE1ST_MSG1SENT:
153 return "ident R msg1";
154 case PHASE1ST_MSG2SENT:
155 return "ident R msg2";
156 case PHASE1ST_ESTABLISHED:
157 return "ident R msg3";
158 default:
159 break;
160 }
161 }
162 break;
163 case ISAKMP_ETYPE_QUICK:
164 switch (d) {
165 case INITIATOR:
166 switch (s) {
167 case PHASE2ST_MSG1SENT:
168 return "quick I msg1";
169 case PHASE2ST_ADDSA:
170 return "quick I msg2";
171 default:
172 break;
173 }
174 break;
175 case RESPONDER:
176 switch (s) {
177 case PHASE2ST_MSG1SENT:
178 return "quick R msg1";
179 case PHASE2ST_COMMIT:
180 return "quick R msg2";
181 default:
182 break;
183 }
184 break;
185 }
186 break;
187 default:
188 case ISAKMP_ETYPE_NONE:
189 case ISAKMP_ETYPE_AUTH:
190 case ISAKMP_ETYPE_INFO:
191 case ISAKMP_ETYPE_NEWGRP:
192 case ISAKMP_ETYPE_ACKINFO:
193 break;
194 }
195 /*NOTREACHED*/
196
197 return "???";
198 }
199
200 static struct ksmap name_isakmp_certtype[] = {
201 { ISAKMP_CERT_NONE, "NONE", NULL },
202 { ISAKMP_CERT_PKCS7, "PKCS #7 wrapped X.509 certificate", NULL },
203 { ISAKMP_CERT_PGP, "PGP Certificate", NULL },
204 { ISAKMP_CERT_DNS, "DNS Signed Key", NULL },
205 { ISAKMP_CERT_X509SIGN, "X.509 Certificate Signature", NULL },
206 { ISAKMP_CERT_X509KE, "X.509 Certificate Key Exchange", NULL },
207 { ISAKMP_CERT_KERBEROS, "Kerberos Tokens", NULL },
208 { ISAKMP_CERT_CRL, "Certificate Revocation List (CRL)", NULL },
209 { ISAKMP_CERT_ARL, "Authority Revocation List (ARL)", NULL },
210 { ISAKMP_CERT_SPKI, "SPKI Certificate", NULL },
211 { ISAKMP_CERT_X509ATTR, "X.509 Certificate Attribute", NULL },
212 };
213
214 const char *
s_isakmp_certtype(int k)215 s_isakmp_certtype(int k)
216 {
217 int i;
218 for (i = 0; i < ARRAYLEN(name_isakmp_certtype); i++)
219 if (name_isakmp_certtype[i].key == k)
220 return name_isakmp_certtype[i].str;
221 return num2str(k);
222 }
223
224 static struct ksmap name_isakmp_etype[] = {
225 { ISAKMP_ETYPE_NONE, "None", NULL },
226 { ISAKMP_ETYPE_BASE, "Base", NULL },
227 { ISAKMP_ETYPE_IDENT, "Identity Protection", NULL },
228 { ISAKMP_ETYPE_AUTH, "Authentication Only", NULL },
229 { ISAKMP_ETYPE_AGG, "Aggressive", NULL },
230 { ISAKMP_ETYPE_INFO, "Informational", NULL },
231 { ISAKMP_ETYPE_CFG, "Mode config", NULL },
232 { ISAKMP_ETYPE_QUICK, "Quick", NULL },
233 { ISAKMP_ETYPE_NEWGRP, "New Group", NULL },
234 { ISAKMP_ETYPE_ACKINFO, "Acknowledged Informational", NULL },
235 };
236
237 const char *
s_isakmp_etype(int k)238 s_isakmp_etype(int k)
239 {
240 int i;
241 for (i = 0; i < ARRAYLEN(name_isakmp_etype); i++)
242 if (name_isakmp_etype[i].key == k)
243 return name_isakmp_etype[i].str;
244 return num2str(k);
245 }
246
247 static struct ksmap name_isakmp_notify_msg[] = {
248 { ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, "INVALID-PAYLOAD-TYPE", NULL },
249 { ISAKMP_NTYPE_DOI_NOT_SUPPORTED, "DOI-NOT-SUPPORTED", NULL },
250 { ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED, "SITUATION-NOT-SUPPORTED", NULL },
251 { ISAKMP_NTYPE_INVALID_COOKIE, "INVALID-COOKIE", NULL },
252 { ISAKMP_NTYPE_INVALID_MAJOR_VERSION, "INVALID-MAJOR-VERSION", NULL },
253 { ISAKMP_NTYPE_INVALID_MINOR_VERSION, "INVALID-MINOR-VERSION", NULL },
254 { ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE, "INVALID-EXCHANGE-TYPE", NULL },
255 { ISAKMP_NTYPE_INVALID_FLAGS, "INVALID-FLAGS", NULL },
256 { ISAKMP_NTYPE_INVALID_MESSAGE_ID, "INVALID-MESSAGE-ID", NULL },
257 { ISAKMP_NTYPE_INVALID_PROTOCOL_ID, "INVALID-PROTOCOL-ID", NULL },
258 { ISAKMP_NTYPE_INVALID_SPI, "INVALID-SPI", NULL },
259 { ISAKMP_NTYPE_INVALID_TRANSFORM_ID, "INVALID-TRANSFORM-ID", NULL },
260 { ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, "ATTRIBUTES-NOT-SUPPORTED", NULL },
261 { ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN, "NO-PROPOSAL-CHOSEN", NULL },
262 { ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX, "BAD-PROPOSAL-SYNTAX", NULL },
263 { ISAKMP_NTYPE_PAYLOAD_MALFORMED, "PAYLOAD-MALFORMED", NULL },
264 { ISAKMP_NTYPE_INVALID_KEY_INFORMATION, "INVALID-KEY-INFORMATION", NULL },
265 { ISAKMP_NTYPE_INVALID_ID_INFORMATION, "INVALID-ID-INFORMATION", NULL },
266 { ISAKMP_NTYPE_INVALID_CERT_ENCODING, "INVALID-CERT-ENCODING", NULL },
267 { ISAKMP_NTYPE_INVALID_CERTIFICATE, "INVALID-CERTIFICATE", NULL },
268 { ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX, "BAD-CERT-REQUEST-SYNTAX", NULL },
269 { ISAKMP_NTYPE_INVALID_CERT_AUTHORITY, "INVALID-CERT-AUTHORITY", NULL },
270 { ISAKMP_NTYPE_INVALID_HASH_INFORMATION, "INVALID-HASH-INFORMATION", NULL },
271 { ISAKMP_NTYPE_AUTHENTICATION_FAILED, "AUTHENTICATION-FAILED", NULL },
272 { ISAKMP_NTYPE_INVALID_SIGNATURE, "INVALID-SIGNATURE", NULL },
273 { ISAKMP_NTYPE_ADDRESS_NOTIFICATION, "ADDRESS-NOTIFICATION", NULL },
274 { ISAKMP_NTYPE_NOTIFY_SA_LIFETIME, "NOTIFY-SA-LIFETIME", NULL },
275 { ISAKMP_NTYPE_CERTIFICATE_UNAVAILABLE, "CERTIFICATE-UNAVAILABLE", NULL },
276 { ISAKMP_NTYPE_UNSUPPORTED_EXCHANGE_TYPE, "UNSUPPORTED-EXCHANGE-TYPE", NULL },
277 { ISAKMP_NTYPE_UNEQUAL_PAYLOAD_LENGTHS, "UNEQUAL-PAYLOAD-LENGTHS", NULL },
278 { ISAKMP_NTYPE_CONNECTED, "CONNECTED", NULL },
279 { ISAKMP_NTYPE_RESPONDER_LIFETIME, "RESPONDER-LIFETIME", NULL },
280 { ISAKMP_NTYPE_REPLAY_STATUS, "REPLAY-STATUS", NULL },
281 { ISAKMP_NTYPE_INITIAL_CONTACT, "INITIAL-CONTACT", NULL },
282 { ISAKMP_NTYPE_R_U_THERE, "R-U-THERE", NULL },
283 { ISAKMP_NTYPE_R_U_THERE_ACK, "R-U-THERE-ACK", NULL },
284 #ifdef ENABLE_HYBRID
285 { ISAKMP_NTYPE_UNITY_HEARTBEAT, "HEARTBEAT (Unity)", NULL },
286 #endif
287 { ISAKMP_LOG_RETRY_LIMIT_REACHED, "RETRY-LIMIT-REACHED", NULL },
288 };
289
290 const char *
s_isakmp_notify_msg(int k)291 s_isakmp_notify_msg(int k)
292 {
293 int i;
294 for (i = 0; i < ARRAYLEN(name_isakmp_notify_msg); i++)
295 if (name_isakmp_notify_msg[i].key == k)
296 return name_isakmp_notify_msg[i].str;
297
298 return num2str(k);
299 }
300
301 static struct ksmap name_isakmp_nptype[] = {
302 { ISAKMP_NPTYPE_NONE, "none", NULL },
303 { ISAKMP_NPTYPE_SA, "sa", NULL },
304 { ISAKMP_NPTYPE_P, "prop", NULL },
305 { ISAKMP_NPTYPE_T, "trns", NULL },
306 { ISAKMP_NPTYPE_KE, "ke", NULL },
307 { ISAKMP_NPTYPE_ID, "id", NULL },
308 { ISAKMP_NPTYPE_CERT, "cert", NULL },
309 { ISAKMP_NPTYPE_CR, "cr", NULL },
310 { ISAKMP_NPTYPE_HASH, "hash", NULL },
311 { ISAKMP_NPTYPE_SIG, "sig", NULL },
312 { ISAKMP_NPTYPE_NONCE, "nonce", NULL },
313 { ISAKMP_NPTYPE_N, "notify", NULL },
314 { ISAKMP_NPTYPE_D, "delete", NULL },
315 { ISAKMP_NPTYPE_VID, "vid", NULL },
316 { ISAKMP_NPTYPE_ATTR, "attr", NULL },
317 { ISAKMP_NPTYPE_GSS, "gss id", NULL },
318 { ISAKMP_NPTYPE_NATD_RFC, "nat-d", NULL },
319 { ISAKMP_NPTYPE_NATOA_RFC, "nat-oa", NULL },
320 { ISAKMP_NPTYPE_NATD_DRAFT, "nat-d", NULL },
321 { ISAKMP_NPTYPE_NATOA_DRAFT, "nat-oa", NULL },
322 { ISAKMP_NPTYPE_FRAG, "ike frag", NULL },
323 };
324
325 const char *
s_isakmp_nptype(int k)326 s_isakmp_nptype(int k)
327 {
328 int i;
329 for (i = 0; i < ARRAYLEN(name_isakmp_nptype); i++)
330 if (name_isakmp_nptype[i].key == k)
331 return name_isakmp_nptype[i].str;
332 return num2str(k);
333 }
334
335 #ifdef ENABLE_HYBRID
336 /* isakmp_cfg.h / isakmp_unity.h / isakmp_xauth.h */
337 static struct ksmap name_isakmp_cfg_type[] = {
338 { INTERNAL_IP4_ADDRESS, "INTERNAL_IP4_ADDRESS", NULL },
339 { INTERNAL_IP4_NETMASK, "INTERNAL_IP4_NETMASK", NULL },
340 { INTERNAL_IP4_DNS, "INTERNAL_IP4_DNS", NULL },
341 { INTERNAL_IP4_NBNS, "INTERNAL_IP4_NBNS", NULL },
342 { INTERNAL_ADDRESS_EXPIRY, "INTERNAL_ADDRESS_EXPIRY", NULL },
343 { INTERNAL_IP4_DHCP, "INTERNAL_IP4_DHCP", NULL },
344 { APPLICATION_VERSION, "APPLICATION_VERSION", NULL },
345 { INTERNAL_IP6_ADDRESS, "INTERNAL_IP6_ADDRESS", NULL },
346 { INTERNAL_IP6_NETMASK, "INTERNAL_IP6_NETMASK", NULL },
347 { INTERNAL_IP6_DNS, "INTERNAL_IP6_DNS", NULL },
348 { INTERNAL_IP6_NBNS, "INTERNAL_IP6_NBNS", NULL },
349 { INTERNAL_IP6_DHCP, "INTERNAL_IP6_DHCP", NULL },
350 { INTERNAL_IP4_SUBNET, "INTERNAL_IP4_SUBNET", NULL },
351 { SUPPORTED_ATTRIBUTES, "SUPPORTED_ATTRIBUTES", NULL },
352 { INTERNAL_IP6_SUBNET, "INTERNAL_IP6_SUBNET", NULL },
353 { XAUTH_TYPE, "XAUTH_TYPE", NULL },
354 { XAUTH_USER_NAME, "XAUTH_USER_NAME", NULL },
355 { XAUTH_USER_PASSWORD, "XAUTH_USER_PASSWORD", NULL },
356 { XAUTH_PASSCODE, "XAUTH_PASSCODE", NULL },
357 { XAUTH_MESSAGE, "XAUTH_MESSAGE", NULL },
358 { XAUTH_CHALLENGE, "XAUTH_CHALLENGE", NULL },
359 { XAUTH_DOMAIN, "XAUTH_DOMAIN", NULL },
360 { XAUTH_STATUS, "XAUTH_STATUS", NULL },
361 { XAUTH_NEXT_PIN, "XAUTH_NEXT_PIN", NULL },
362 { XAUTH_ANSWER, "XAUTH_ANSWER", NULL },
363 { UNITY_BANNER, "UNITY_BANNER", NULL },
364 { UNITY_SAVE_PASSWD, "UNITY_SAVE_PASSWD", NULL },
365 { UNITY_DEF_DOMAIN, "UNITY_DEF_DOMAIN", NULL },
366 { UNITY_SPLITDNS_NAME, "UNITY_SPLITDNS_NAME", NULL },
367 { UNITY_SPLIT_INCLUDE, "UNITY_SPLIT_INCLUDE", NULL },
368 { UNITY_NATT_PORT, "UNITY_NATT_PORT", NULL },
369 { UNITY_LOCAL_LAN, "UNITY_LOCAL_LAN", NULL },
370 { UNITY_PFS, "UNITY_PFS", NULL },
371 { UNITY_FW_TYPE, "UNITY_FW_TYPE", NULL },
372 { UNITY_BACKUP_SERVERS, "UNITY_BACKUP_SERVERS", NULL },
373 { UNITY_DDNS_HOSTNAME, "UNITY_DDNS_HOSTNAME", NULL },
374 };
375
376 const char *
s_isakmp_cfg_type(int k)377 s_isakmp_cfg_type(int k)
378 {
379 int i;
380 for (i = 0; i < ARRAYLEN(name_isakmp_cfg_type); i++)
381 if (name_isakmp_cfg_type[i].key == k)
382 return name_isakmp_cfg_type[i].str;
383 return num2str(k);
384 }
385
386 /* isakmp_cfg.h / isakmp_unity.h / isakmp_xauth.h */
387 static struct ksmap name_isakmp_cfg_ptype[] = {
388 { ISAKMP_CFG_ACK, "mode config ACK", NULL },
389 { ISAKMP_CFG_SET, "mode config SET", NULL },
390 { ISAKMP_CFG_REQUEST, "mode config REQUEST", NULL },
391 { ISAKMP_CFG_REPLY, "mode config REPLY", NULL },
392 };
393
394 const char *
s_isakmp_cfg_ptype(int k)395 s_isakmp_cfg_ptype(int k)
396 {
397 int i;
398 for (i = 0; i < ARRAYLEN(name_isakmp_cfg_ptype); i++)
399 if (name_isakmp_cfg_ptype[i].key == k)
400 return name_isakmp_cfg_ptype[i].str;
401 return num2str(k);
402 }
403
404 #endif
405
406 /* ipsec_doi.h */
407 static struct ksmap name_ipsecdoi_proto[] = {
408 { IPSECDOI_PROTO_ISAKMP, "ISAKMP", s_ipsecdoi_trns_isakmp },
409 { IPSECDOI_PROTO_IPSEC_AH, "AH", s_ipsecdoi_trns_ah },
410 { IPSECDOI_PROTO_IPSEC_ESP, "ESP", s_ipsecdoi_trns_esp },
411 { IPSECDOI_PROTO_IPCOMP, "IPCOMP", s_ipsecdoi_trns_ipcomp },
412 };
413
414 const char *
s_ipsecdoi_proto(int k)415 s_ipsecdoi_proto(int k)
416 {
417 int i;
418 for (i = 0; i < ARRAYLEN(name_ipsecdoi_proto); i++)
419 if (name_ipsecdoi_proto[i].key == k)
420 return name_ipsecdoi_proto[i].str;
421 return num2str(k);
422 }
423
424 static struct ksmap name_ipsecdoi_trns_isakmp[] = {
425 { IPSECDOI_KEY_IKE, "IKE", NULL },
426 };
427
428 const char *
s_ipsecdoi_trns_isakmp(int k)429 s_ipsecdoi_trns_isakmp(int k)
430 {
431 int i;
432 for (i = 0; i < ARRAYLEN(name_ipsecdoi_trns_isakmp); i++)
433 if (name_ipsecdoi_trns_isakmp[i].key == k)
434 return name_ipsecdoi_trns_isakmp[i].str;
435 return num2str(k);
436 }
437
438 static struct ksmap name_ipsecdoi_trns_ah[] = {
439 { IPSECDOI_AH_MD5, "MD5", NULL },
440 { IPSECDOI_AH_SHA, "SHA", NULL },
441 { IPSECDOI_AH_DES, "DES", NULL },
442 { IPSECDOI_AH_SHA256, "SHA256", NULL },
443 { IPSECDOI_AH_SHA384, "SHA384", NULL },
444 { IPSECDOI_AH_SHA512, "SHA512", NULL },
445 };
446
447 const char *
s_ipsecdoi_trns_ah(int k)448 s_ipsecdoi_trns_ah(int k)
449 {
450 int i;
451 for (i = 0; i < ARRAYLEN(name_ipsecdoi_trns_ah); i++)
452 if (name_ipsecdoi_trns_ah[i].key == k)
453 return name_ipsecdoi_trns_ah[i].str;
454 return num2str(k);
455 }
456
457 static struct ksmap name_ipsecdoi_trns_esp[] = {
458 { IPSECDOI_ESP_DES_IV64, "DES_IV64", NULL },
459 { IPSECDOI_ESP_DES, "DES", NULL },
460 { IPSECDOI_ESP_3DES, "3DES", NULL },
461 { IPSECDOI_ESP_RC5, "RC5", NULL },
462 { IPSECDOI_ESP_IDEA, "IDEA", NULL },
463 { IPSECDOI_ESP_CAST, "CAST", NULL },
464 { IPSECDOI_ESP_BLOWFISH, "BLOWFISH", NULL },
465 { IPSECDOI_ESP_3IDEA, "3IDEA", NULL },
466 { IPSECDOI_ESP_DES_IV32, "DES_IV32", NULL },
467 { IPSECDOI_ESP_RC4, "RC4", NULL },
468 { IPSECDOI_ESP_NULL, "NULL", NULL },
469 { IPSECDOI_ESP_AES, "AES", NULL },
470 { IPSECDOI_ESP_AESGCM16, "AES_GCM_16", NULL },
471 { IPSECDOI_ESP_TWOFISH, "TWOFISH", NULL },
472 { IPSECDOI_ESP_CAMELLIA, "CAMELLIA", NULL },
473 };
474
475 const char *
s_ipsecdoi_trns_esp(int k)476 s_ipsecdoi_trns_esp(int k)
477 {
478 int i;
479 for (i = 0; i < ARRAYLEN(name_ipsecdoi_trns_esp); i++)
480 if (name_ipsecdoi_trns_esp[i].key == k)
481 return name_ipsecdoi_trns_esp[i].str;
482 return num2str(k);
483 }
484
485 static struct ksmap name_ipsecdoi_trns_ipcomp[] = {
486 { IPSECDOI_IPCOMP_OUI, "OUI", NULL},
487 { IPSECDOI_IPCOMP_DEFLATE, "DEFLATE", NULL},
488 { IPSECDOI_IPCOMP_LZS, "LZS", NULL},
489 };
490
491 const char *
s_ipsecdoi_trns_ipcomp(int k)492 s_ipsecdoi_trns_ipcomp(int k)
493 {
494 int i;
495 for (i = 0; i < ARRAYLEN(name_ipsecdoi_trns_ipcomp); i++)
496 if (name_ipsecdoi_trns_ipcomp[i].key == k)
497 return name_ipsecdoi_trns_ipcomp[i].str;
498 return num2str(k);
499 }
500
501 const char *
s_ipsecdoi_trns(int proto,int trns)502 s_ipsecdoi_trns(int proto, int trns)
503 {
504 int i;
505 for (i = 0; i < ARRAYLEN(name_ipsecdoi_proto); i++)
506 if (name_ipsecdoi_proto[i].key == proto
507 && name_ipsecdoi_proto[i].f)
508 return (name_ipsecdoi_proto[i].f)(trns);
509 return num2str(trns);
510 }
511
512 static struct ksmap name_attr_ipsec[] = {
513 { IPSECDOI_ATTR_SA_LD_TYPE, "SA Life Type", s_ipsecdoi_ltype },
514 { IPSECDOI_ATTR_SA_LD, "SA Life Duration", NULL },
515 { IPSECDOI_ATTR_GRP_DESC, "Group Description", NULL },
516 { IPSECDOI_ATTR_ENC_MODE, "Encryption Mode", s_ipsecdoi_encmode },
517 { IPSECDOI_ATTR_AUTH, "Authentication Algorithm", s_ipsecdoi_auth },
518 { IPSECDOI_ATTR_KEY_LENGTH, "Key Length", NULL },
519 { IPSECDOI_ATTR_KEY_ROUNDS, "Key Rounds", NULL },
520 { IPSECDOI_ATTR_COMP_DICT_SIZE, "Compression Dictionary Size", NULL },
521 { IPSECDOI_ATTR_COMP_PRIVALG, "Compression Private Algorithm", NULL },
522 };
523
524 const char *
s_ipsecdoi_attr(int k)525 s_ipsecdoi_attr(int k)
526 {
527 int i;
528 for (i = 0; i < ARRAYLEN(name_attr_ipsec); i++)
529 if (name_attr_ipsec[i].key == k)
530 return name_attr_ipsec[i].str;
531 return num2str(k);
532 }
533
534 static struct ksmap name_attr_ipsec_ltype[] = {
535 { IPSECDOI_ATTR_SA_LD_TYPE_SEC, "seconds", NULL },
536 { IPSECDOI_ATTR_SA_LD_TYPE_KB, "kilobytes", NULL },
537 };
538
539 const char *
s_ipsecdoi_ltype(int k)540 s_ipsecdoi_ltype(int k)
541 {
542 int i;
543 for (i = 0; i < ARRAYLEN(name_attr_ipsec_ltype); i++)
544 if (name_attr_ipsec_ltype[i].key == k)
545 return name_attr_ipsec_ltype[i].str;
546 return num2str(k);
547 }
548
549 static struct ksmap name_attr_ipsec_encmode[] = {
550 { IPSECDOI_ATTR_ENC_MODE_ANY, "Any", NULL },
551 { IPSECDOI_ATTR_ENC_MODE_TUNNEL, "Tunnel", NULL },
552 { IPSECDOI_ATTR_ENC_MODE_TRNS, "Transport", NULL },
553 { IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC, "UDP-Tunnel", NULL },
554 { IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC, "UDP-Transport", NULL },
555 { IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT, "UDP-Tunnel", NULL },
556 { IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT, "UDP-Transport", NULL },
557 };
558
559 const char *
s_ipsecdoi_encmode(int k)560 s_ipsecdoi_encmode(int k)
561 {
562 int i;
563 for (i = 0; i < ARRAYLEN(name_attr_ipsec_encmode); i++)
564 if (name_attr_ipsec_encmode[i].key == k)
565 return name_attr_ipsec_encmode[i].str;
566 return num2str(k);
567 }
568
569 static struct ksmap name_attr_ipsec_auth[] = {
570 { IPSECDOI_ATTR_AUTH_HMAC_MD5, "hmac-md5", NULL },
571 { IPSECDOI_ATTR_AUTH_HMAC_SHA1, "hmac-sha", NULL },
572 { IPSECDOI_ATTR_AUTH_HMAC_SHA2_256, "hmac-sha256", NULL },
573 { IPSECDOI_ATTR_AUTH_HMAC_SHA2_384, "hmac-sha384", NULL },
574 { IPSECDOI_ATTR_AUTH_HMAC_SHA2_512, "hmac-sha512", NULL },
575 { IPSECDOI_ATTR_AUTH_DES_MAC, "des-mac", NULL },
576 { IPSECDOI_ATTR_AUTH_KPDK, "kpdk", NULL },
577 { IPSECDOI_ATTR_AUTH_NONE, "non_auth", NULL },
578 };
579
580 const char *
s_ipsecdoi_auth(int k)581 s_ipsecdoi_auth(int k)
582 {
583 int i;
584 for (i = 0; i < ARRAYLEN(name_attr_ipsec_auth); i++)
585 if (name_attr_ipsec_auth[i].key == k)
586 return name_attr_ipsec_auth[i].str;
587 return num2str(k);
588 }
589
590 const char *
s_ipsecdoi_attr_v(int type,int val)591 s_ipsecdoi_attr_v(int type, int val)
592 {
593 int i;
594 for (i = 0; i < ARRAYLEN(name_attr_ipsec); i++)
595 if (name_attr_ipsec[i].key == type
596 && name_attr_ipsec[i].f)
597 return (name_attr_ipsec[i].f)(val);
598 return num2str(val);
599 }
600
601 static struct ksmap name_ipsecdoi_ident[] = {
602 { IPSECDOI_ID_IPV4_ADDR, "IPv4_address", NULL },
603 { IPSECDOI_ID_FQDN, "FQDN", NULL },
604 { IPSECDOI_ID_USER_FQDN, "User_FQDN", NULL },
605 { IPSECDOI_ID_IPV4_ADDR_SUBNET, "IPv4_subnet", NULL },
606 { IPSECDOI_ID_IPV6_ADDR, "IPv6_address", NULL },
607 { IPSECDOI_ID_IPV6_ADDR_SUBNET, "IPv6_subnet", NULL },
608 { IPSECDOI_ID_IPV4_ADDR_RANGE, "IPv4_address_range", NULL },
609 { IPSECDOI_ID_IPV6_ADDR_RANGE, "IPv6_address_range", NULL },
610 { IPSECDOI_ID_DER_ASN1_DN, "DER_ASN1_DN", NULL },
611 { IPSECDOI_ID_DER_ASN1_GN, "DER_ASN1_GN", NULL },
612 { IPSECDOI_ID_KEY_ID, "KEY_ID", NULL },
613 };
614
615 const char *
s_ipsecdoi_ident(int k)616 s_ipsecdoi_ident(int k)
617 {
618 int i;
619 for (i = 0; i < ARRAYLEN(name_ipsecdoi_ident); i++)
620 if (name_ipsecdoi_ident[i].key == k)
621 return name_ipsecdoi_ident[i].str;
622 return num2str(k);
623 }
624
625 /* oakley.h */
626 static struct ksmap name_oakley_attr[] = {
627 { OAKLEY_ATTR_ENC_ALG, "Encryption Algorithm", s_attr_isakmp_enc },
628 { OAKLEY_ATTR_HASH_ALG, "Hash Algorithm", s_attr_isakmp_hash },
629 { OAKLEY_ATTR_AUTH_METHOD, "Authentication Method", s_oakley_attr_method },
630 { OAKLEY_ATTR_GRP_DESC, "Group Description", s_attr_isakmp_desc },
631 { OAKLEY_ATTR_GRP_TYPE, "Group Type", s_attr_isakmp_group },
632 { OAKLEY_ATTR_GRP_PI, "Group Prime/Irreducible Polynomial", NULL },
633 { OAKLEY_ATTR_GRP_GEN_ONE, "Group Generator One", NULL },
634 { OAKLEY_ATTR_GRP_GEN_TWO, "Group Generator Two", NULL },
635 { OAKLEY_ATTR_GRP_CURVE_A, "Group Curve A", NULL },
636 { OAKLEY_ATTR_GRP_CURVE_B, "Group Curve B", NULL },
637 { OAKLEY_ATTR_SA_LD_TYPE, "Life Type", s_attr_isakmp_ltype },
638 { OAKLEY_ATTR_SA_LD, "Life Duration", NULL },
639 { OAKLEY_ATTR_PRF, "PRF", NULL },
640 { OAKLEY_ATTR_KEY_LEN, "Key Length", NULL },
641 { OAKLEY_ATTR_FIELD_SIZE, "Field Size", NULL },
642 { OAKLEY_ATTR_GRP_ORDER, "Group Order", NULL },
643 { OAKLEY_ATTR_BLOCK_SIZE, "Block Size", NULL },
644 { OAKLEY_ATTR_GSS_ID, "GSS-API endpoint name",NULL },
645 };
646
647 const char *
s_oakley_attr(int k)648 s_oakley_attr(int k)
649 {
650 int i;
651 for (i = 0; i < ARRAYLEN(name_oakley_attr); i++)
652 if (name_oakley_attr[i].key == k)
653 return name_oakley_attr[i].str;
654 return num2str(k);
655 }
656
657 static struct ksmap name_attr_isakmp_enc[] = {
658 { OAKLEY_ATTR_ENC_ALG_DES, "DES-CBC", NULL },
659 { OAKLEY_ATTR_ENC_ALG_IDEA, "IDEA-CBC", NULL },
660 { OAKLEY_ATTR_ENC_ALG_BLOWFISH, "Blowfish-CBC", NULL },
661 { OAKLEY_ATTR_ENC_ALG_RC5, "RC5-R16-B64-CBC", NULL },
662 { OAKLEY_ATTR_ENC_ALG_3DES, "3DES-CBC", NULL },
663 { OAKLEY_ATTR_ENC_ALG_CAST, "CAST-CBC", NULL },
664 { OAKLEY_ATTR_ENC_ALG_AES, "AES-CBC", NULL },
665 };
666
667 const char *
s_attr_isakmp_enc(int k)668 s_attr_isakmp_enc(int k)
669 {
670 int i;
671 for (i = 0; i < ARRAYLEN(name_attr_isakmp_enc); i++)
672 if (name_attr_isakmp_enc[i].key == k)
673 return name_attr_isakmp_enc[i].str;
674 return num2str(k);
675 }
676
677 static struct ksmap name_attr_isakmp_hash[] = {
678 { OAKLEY_ATTR_HASH_ALG_MD5, "MD5", NULL },
679 { OAKLEY_ATTR_HASH_ALG_SHA, "SHA", NULL },
680 { OAKLEY_ATTR_HASH_ALG_TIGER, "Tiger", NULL },
681 { OAKLEY_ATTR_HASH_ALG_SHA2_256,"SHA256", NULL },
682 { OAKLEY_ATTR_HASH_ALG_SHA2_384,"SHA384", NULL },
683 { OAKLEY_ATTR_HASH_ALG_SHA2_512,"SHA512", NULL },
684 };
685
686 const char *
s_attr_isakmp_hash(int k)687 s_attr_isakmp_hash(int k)
688 {
689 int i;
690 for (i = 0; i < ARRAYLEN(name_attr_isakmp_hash); i++)
691 if (name_attr_isakmp_hash[i].key == k)
692 return name_attr_isakmp_hash[i].str;
693 return num2str(k);
694 }
695
696 static struct ksmap name_attr_isakmp_method[] = {
697 { OAKLEY_ATTR_AUTH_METHOD_PSKEY, "pre-shared key", NULL },
698 { OAKLEY_ATTR_AUTH_METHOD_DSSSIG, "DSS signatures", NULL },
699 { OAKLEY_ATTR_AUTH_METHOD_RSASIG, "RSA signatures", NULL },
700 { OAKLEY_ATTR_AUTH_METHOD_RSAENC, "Encryption with RSA", NULL },
701 { OAKLEY_ATTR_AUTH_METHOD_RSAREV, "Revised encryption with RSA", NULL },
702 { OAKLEY_ATTR_AUTH_METHOD_EGENC, "Encryption with El-Gamal", NULL },
703 { OAKLEY_ATTR_AUTH_METHOD_EGREV, "Revised encryption with El-Gamal", NULL },
704 #ifdef HAVE_GSSAPI
705 { OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB, "GSS-API on Kerberos 5", NULL },
706 #endif
707 #ifdef ENABLE_HYBRID
708 { OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R, "Hybrid DSS server", NULL },
709 { OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R, "Hybrid RSA server", NULL },
710 { OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I, "Hybrid DSS client", NULL },
711 { OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I, "Hybrid RSA client", NULL },
712 { OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I, "XAuth pskey client", NULL },
713 { OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R, "XAuth pskey server", NULL },
714 { OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I, "XAuth RSASIG client", NULL },
715 { OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R, "XAuth RSASIG server", NULL },
716 #endif
717 };
718
719 const char *
s_oakley_attr_method(int k)720 s_oakley_attr_method(int k)
721 {
722 int i;
723 for (i = 0; i < ARRAYLEN(name_attr_isakmp_method); i++)
724 if (name_attr_isakmp_method[i].key == k)
725 return name_attr_isakmp_method[i].str;
726 return num2str(k);
727 }
728
729 static struct ksmap name_attr_isakmp_desc[] = {
730 { OAKLEY_ATTR_GRP_DESC_MODP768, "768-bit MODP group", NULL },
731 { OAKLEY_ATTR_GRP_DESC_MODP1024, "1024-bit MODP group", NULL },
732 { OAKLEY_ATTR_GRP_DESC_EC2N155, "EC2N group on GP[2^155]", NULL },
733 { OAKLEY_ATTR_GRP_DESC_EC2N185, "EC2N group on GP[2^185]", NULL },
734 { OAKLEY_ATTR_GRP_DESC_MODP1536, "1536-bit MODP group", NULL },
735 { OAKLEY_ATTR_GRP_DESC_MODP2048, "2048-bit MODP group", NULL },
736 { OAKLEY_ATTR_GRP_DESC_MODP3072, "3072-bit MODP group", NULL },
737 { OAKLEY_ATTR_GRP_DESC_MODP4096, "4096-bit MODP group", NULL },
738 { OAKLEY_ATTR_GRP_DESC_MODP6144, "6144-bit MODP group", NULL },
739 { OAKLEY_ATTR_GRP_DESC_MODP8192, "8192-bit MODP group", NULL },
740 };
741
742 const char *
s_attr_isakmp_desc(int k)743 s_attr_isakmp_desc(int k)
744 {
745 int i;
746 for (i = 0; i < ARRAYLEN(name_attr_isakmp_desc); i++)
747 if (name_attr_isakmp_desc[i].key == k)
748 return name_attr_isakmp_desc[i].str;
749 return num2str(k);
750 }
751
752 static struct ksmap name_attr_isakmp_group[] = {
753 { OAKLEY_ATTR_GRP_TYPE_MODP, "MODP", NULL },
754 { OAKLEY_ATTR_GRP_TYPE_ECP, "ECP", NULL },
755 { OAKLEY_ATTR_GRP_TYPE_EC2N, "EC2N", NULL },
756 };
757
758 const char *
s_attr_isakmp_group(int k)759 s_attr_isakmp_group(int k)
760 {
761 int i;
762 for (i = 0; i < ARRAYLEN(name_attr_isakmp_group); i++)
763 if (name_attr_isakmp_group[i].key == k)
764 return name_attr_isakmp_group[i].str;
765 return num2str(k);
766 }
767
768 static struct ksmap name_attr_isakmp_ltype[] = {
769 { OAKLEY_ATTR_SA_LD_TYPE_SEC, "seconds", NULL },
770 { OAKLEY_ATTR_SA_LD_TYPE_KB, "kilobytes", NULL },
771 };
772
773 const char *
s_attr_isakmp_ltype(int k)774 s_attr_isakmp_ltype(int k)
775 {
776 int i;
777 for (i = 0; i < ARRAYLEN(name_attr_isakmp_ltype); i++)
778 if (name_attr_isakmp_ltype[i].key == k)
779 return name_attr_isakmp_ltype[i].str;
780 return num2str(k);
781 }
782
783 const char *
s_oakley_attr_v(int type,int val)784 s_oakley_attr_v(int type, int val)
785 {
786 int i;
787 for (i = 0; i < ARRAYLEN(name_oakley_attr); i++)
788 if (name_oakley_attr[i].key == type
789 && name_oakley_attr[i].f)
790 return (name_oakley_attr[i].f)(val);
791 return num2str(val);
792 }
793
794 static struct ksmap name_ipsec_level[] = {
795 { IPSEC_LEVEL_USE, "use", NULL },
796 { IPSEC_LEVEL_REQUIRE, "require", NULL },
797 { IPSEC_LEVEL_UNIQUE, "unique", NULL },
798 };
799
800 const char *
s_ipsec_level(int k)801 s_ipsec_level(int k)
802 {
803 int i;
804 for (i = 0; i < ARRAYLEN(name_ipsec_level); i++)
805 if (name_ipsec_level[i].key == k)
806 return name_ipsec_level[i].str;
807 return num2str(k);
808 }
809
810 static struct ksmap name_algclass[] = {
811 { algclass_ipsec_enc, "ipsec enc", s_ipsecdoi_trns_esp },
812 { algclass_ipsec_auth, "ipsec auth", s_ipsecdoi_trns_ah },
813 { algclass_ipsec_comp, "ipsec comp", s_ipsecdoi_trns_ipcomp },
814 { algclass_isakmp_enc, "isakmp enc", s_attr_isakmp_enc },
815 { algclass_isakmp_hash, "isakmp hash", s_attr_isakmp_hash },
816 { algclass_isakmp_dh, "isakmp dh", s_attr_isakmp_desc },
817 { algclass_isakmp_ameth, "isakmp auth method", s_oakley_attr_method },
818 };
819
820 const char *
s_algclass(int k)821 s_algclass(int k)
822 {
823 int i;
824 for (i = 0; i < ARRAYLEN(name_algclass); i++)
825 if (name_algclass[i].key == k)
826 return name_algclass[i].str;
827 return num2str(k);
828 }
829
830 const char *
s_algtype(int class,int n)831 s_algtype(int class, int n)
832 {
833 int i;
834 for (i = 0; i < ARRAYLEN(name_algclass); i++)
835 if (name_algclass[i].key == class
836 && name_algclass[i].f)
837 return (name_algclass[i].f)(n);
838 return num2str(n);
839 }
840
841 /* pfkey.h */
842 static struct ksmap name_pfkey_type[] = {
843 { SADB_GETSPI, "GETSPI", NULL },
844 { SADB_UPDATE, "UPDATE", NULL },
845 { SADB_ADD, "ADD", NULL },
846 { SADB_DELETE, "DELETE", NULL },
847 { SADB_GET, "GET", NULL },
848 { SADB_ACQUIRE, "ACQUIRE", NULL },
849 { SADB_REGISTER, "REGISTER", NULL },
850 { SADB_EXPIRE, "EXPIRE", NULL },
851 { SADB_FLUSH, "FLUSH", NULL },
852 { SADB_DUMP, "DUMP", NULL },
853 { SADB_X_PROMISC, "X_PROMISC", NULL },
854 { SADB_X_PCHANGE, "X_PCHANGE", NULL },
855 { SADB_X_SPDUPDATE, "X_SPDUPDATE", NULL },
856 { SADB_X_SPDADD, "X_SPDADD", NULL },
857 { SADB_X_SPDDELETE, "X_SPDDELETE", NULL },
858 { SADB_X_SPDGET, "X_SPDGET", NULL },
859 { SADB_X_SPDACQUIRE, "X_SPDACQUIRE", NULL },
860 { SADB_X_SPDDUMP, "X_SPDDUMP", NULL },
861 { SADB_X_SPDFLUSH, "X_SPDFLUSH", NULL },
862 { SADB_X_SPDSETIDX, "X_SPDSETIDX", NULL },
863 { SADB_X_SPDEXPIRE, "X_SPDEXPIRE", NULL },
864 { SADB_X_SPDDELETE2, "X_SPDDELETE2", NULL },
865 #ifdef SADB_X_NAT_T_NEW_MAPPING
866 { SADB_X_NAT_T_NEW_MAPPING, "X_NAT_T_NEW_MAPPING", NULL },
867 #endif
868 #ifdef SADB_X_MIGRATE
869 { SADB_X_MIGRATE, "X_MIGRATE", NULL },
870 #endif
871 };
872
873 const char *
s_pfkey_type(int k)874 s_pfkey_type(int k)
875 {
876 int i;
877 for (i = 0; i < ARRAYLEN(name_pfkey_type); i++)
878 if (name_pfkey_type[i].key == k)
879 return name_pfkey_type[i].str;
880 return num2str(k);
881 }
882
883 static struct ksmap name_pfkey_satype[] = {
884 { SADB_SATYPE_UNSPEC, "UNSPEC", NULL },
885 { SADB_SATYPE_AH, "AH", NULL },
886 { SADB_SATYPE_ESP, "ESP", NULL },
887 { SADB_SATYPE_RSVP, "RSVP", NULL },
888 { SADB_SATYPE_OSPFV2, "OSPFV2", NULL },
889 { SADB_SATYPE_RIPV2, "RIPV2", NULL },
890 { SADB_SATYPE_MIP, "MIP", NULL },
891 { SADB_X_SATYPE_IPCOMP, "IPCOMP", NULL },
892 };
893
894 const char *
s_pfkey_satype(int k)895 s_pfkey_satype(int k)
896 {
897 int i;
898 for (i = 0; i < ARRAYLEN(name_pfkey_satype); i++)
899 if (name_pfkey_satype[i].key == k)
900 return name_pfkey_satype[i].str;
901 return num2str(k);
902 }
903
904 static struct ksmap name_direction[] = {
905 { IPSEC_DIR_INBOUND, "in", NULL },
906 { IPSEC_DIR_OUTBOUND, "out", NULL },
907 #ifdef HAVE_POLICY_FWD
908 { IPSEC_DIR_FWD, "fwd", NULL },
909 #endif
910 };
911
912 const char *
s_direction(int k)913 s_direction(int k)
914 {
915 int i;
916 for (i = 0; i < ARRAYLEN(name_direction); i++)
917 if (name_direction[i].key == k)
918 return name_direction[i].str;
919 return num2str(k);
920 }
921
922 const char *
s_proto(int k)923 s_proto(int k)
924 {
925 switch (k) {
926 case IPPROTO_ICMP:
927 return "icmp";
928 case IPPROTO_TCP:
929 return "tcp";
930 case IPPROTO_UDP:
931 return "udp";
932 case IPPROTO_ICMPV6:
933 return "icmpv6";
934 case IPSEC_ULPROTO_ANY:
935 return "any";
936 }
937
938 return num2str(k);
939 }
940
941 const char *
s_doi(int k)942 s_doi(int k)
943 {
944 switch (k) {
945 case IPSEC_DOI:
946 return "ipsec_doi";
947 default:
948 return num2str(k);
949 }
950 }
951
952 const char *
s_etype(int k)953 s_etype(int k)
954 {
955 switch (k) {
956 case ISAKMP_ETYPE_NONE:
957 return "_none";
958 case ISAKMP_ETYPE_BASE:
959 return "base";
960 case ISAKMP_ETYPE_IDENT:
961 return "main";
962 case ISAKMP_ETYPE_AUTH:
963 return "_auth";
964 case ISAKMP_ETYPE_AGG:
965 return "aggressive";
966 case ISAKMP_ETYPE_INFO:
967 return "_info";
968 case ISAKMP_ETYPE_QUICK:
969 return "_quick";
970 case ISAKMP_ETYPE_NEWGRP:
971 return "_newgrp";
972 case ISAKMP_ETYPE_ACKINFO:
973 return "_ackinfo";
974 default:
975 return num2str(k);
976 }
977 }
978
979 const char *
s_idtype(int k)980 s_idtype(int k)
981 {
982 switch (k) {
983 case IDTYPE_FQDN:
984 return "fqdn";
985 case IDTYPE_USERFQDN:
986 return "user_fqdn";
987 case IDTYPE_KEYID:
988 return "keyid";
989 case IDTYPE_ADDRESS:
990 return "address";
991 case IDTYPE_ASN1DN:
992 return "asn1dn";
993 default:
994 return num2str(k);
995 }
996 }
997
998 const char *
s_switch(int k)999 s_switch(int k)
1000 {
1001 switch (k) {
1002 case FALSE:
1003 return "off";
1004 case TRUE:
1005 return "on";
1006 default:
1007 return num2str(k);
1008 }
1009 }
1010