1 /*        $NetBSD: strnames.c,v 1.13 2025/03/08 16:39:08 christos Exp $         */
2 
3 /*        $KAME: strnames.c,v 1.25 2003/11/13 10:53:26 itojun Exp $   */
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "config.h"
35 
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/socket.h>
39 
40 #include <netinet/in.h>
41 #include PATH_IPSEC_H
42 #include <netinet/in.h>
43 
44 #include <stdio.h>
45 #include <stdlib.h>
46 #ifdef ENABLE_HYBRID
47 #include <resolv.h>
48 #endif
49 
50 #include "var.h"
51 #include "misc.h"
52 #include "vmbuf.h"
53 #include "plog.h"
54 
55 #include "isakmp_var.h"
56 #include "isakmp.h"
57 #ifdef ENABLE_HYBRID
58 #  include "isakmp_xauth.h"
59 #  include "isakmp_unity.h"
60 #  include "isakmp_cfg.h"
61 #endif
62 #include "ipsec_doi.h"
63 #include "oakley.h"
64 #include "handler.h"
65 #include "pfkey.h"
66 #include "strnames.h"
67 #include "algorithm.h"
68 
/*
 * One row of a value-to-name lookup table.
 *
 * The tables in this file are positional initializers of this struct, so the
 * member order (key, str, f) must not change.
 */
struct ksmap {
	int key;		/* numeric value being named */
	const char *str;	/* display name returned when key matches */
	const char *(*f)(int);	/* optional namer for a sub-value that belongs
				 * to key (see s_ipsecdoi_trns and
				 * s_ipsecdoi_attr_v); NULL when there is none */
};
74 
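/*
 * Format an integer as decimal text, for values that no name table knows.
 *
 * The result points into static storage: the caller must not free it and
 * must copy it if it has to survive later calls.  A small ring of buffers is
 * used instead of a single one so that several results can be live at once;
 * with one shared buffer, two fallback conversions used as arguments of the
 * same format call would both print the value converted last, which makes
 * log output for unrecognised values misleading.  A result is overwritten
 * after NUM2STR_SLOTS further calls.
 *
 * Not thread-safe: the ring index is unsynchronised static state.
 *
 * NOTE(review): the values that reach this fallback are presumably ones
 * taken from received packets -- confirm against the callers.
 */
const char *
num2str(int n)
{
	enum { NUM2STR_SLOTS = 8, NUM2STR_LEN = 20 };
	static char ring[NUM2STR_SLOTS][NUM2STR_LEN];
	static unsigned int next;
	char *buf = ring[next];

	next = (next + 1) % NUM2STR_SLOTS;

	/* 20 bytes hold any 64-bit int in decimal, sign and NUL included. */
	snprintf(buf, NUM2STR_LEN, "%d", n);

	return buf;
}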
84 
85 /* isakmp.h */
/*
 * Name one step of a negotiation as "<exchange> <I|R> msgN".
 *
 * t is the exchange type, d the side (INITIATOR or RESPONDER) and s the
 * status value.  Only the combinations listed in the table below have a
 * name; every other triple, including all exchange types that have no rows
 * here, yields "???".
 */
const char *
s_isakmp_state(int t, int d, int s)
{
	static const struct {
		int etype;
		int side;
		int status;
		const char *label;
	} steps[] = {
		{ ISAKMP_ETYPE_AGG,   INITIATOR, PHASE1ST_MSG1SENT,    "agg I msg1" },
		{ ISAKMP_ETYPE_AGG,   INITIATOR, PHASE1ST_ESTABLISHED, "agg I msg2" },
		{ ISAKMP_ETYPE_AGG,   RESPONDER, PHASE1ST_MSG1SENT,    "agg R msg1" },

		{ ISAKMP_ETYPE_BASE,  INITIATOR, PHASE1ST_MSG1SENT,    "base I msg1" },
		{ ISAKMP_ETYPE_BASE,  INITIATOR, PHASE1ST_MSG2SENT,    "base I msg2" },
		{ ISAKMP_ETYPE_BASE,  RESPONDER, PHASE1ST_MSG1SENT,    "base R msg1" },
		{ ISAKMP_ETYPE_BASE,  RESPONDER, PHASE1ST_ESTABLISHED, "base R msg2" },

		{ ISAKMP_ETYPE_IDENT, INITIATOR, PHASE1ST_MSG1SENT,    "ident I msg1" },
		{ ISAKMP_ETYPE_IDENT, INITIATOR, PHASE1ST_MSG2SENT,    "ident I msg2" },
		{ ISAKMP_ETYPE_IDENT, INITIATOR, PHASE1ST_MSG3SENT,    "ident I msg3" },
		{ ISAKMP_ETYPE_IDENT, RESPONDER, PHASE1ST_MSG1SENT,    "ident R msg1" },
		{ ISAKMP_ETYPE_IDENT, RESPONDER, PHASE1ST_MSG2SENT,    "ident R msg2" },
		{ ISAKMP_ETYPE_IDENT, RESPONDER, PHASE1ST_ESTABLISHED, "ident R msg3" },

		{ ISAKMP_ETYPE_QUICK, INITIATOR, PHASE2ST_MSG1SENT,    "quick I msg1" },
		{ ISAKMP_ETYPE_QUICK, INITIATOR, PHASE2ST_ADDSA,       "quick I msg2" },
		{ ISAKMP_ETYPE_QUICK, RESPONDER, PHASE2ST_MSG1SENT,    "quick R msg1" },
		{ ISAKMP_ETYPE_QUICK, RESPONDER, PHASE2ST_COMMIT,      "quick R msg2" },
	};
	size_t i;

	for (i = 0; i < sizeof(steps) / sizeof(steps[0]); i++) {
		if (steps[i].etype == t && steps[i].side == d &&
		    steps[i].status == s) {
			return steps[i].label;
		}
	}

	/* Reached for every combination without a row above. */
	return "???";
}
199 
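/*
 * Display names for the ISAKMP_CERT_* certificate encoding values.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_isakmp_certtype[] = {
	{ ISAKMP_CERT_NONE,	"NONE",					NULL },
	{ ISAKMP_CERT_PKCS7,	"PKCS #7 wrapped X.509 certificate",	NULL },
	{ ISAKMP_CERT_PGP,	"PGP Certificate",			NULL },
	{ ISAKMP_CERT_DNS,	"DNS Signed Key",			NULL },
	{ ISAKMP_CERT_X509SIGN,	"X.509 Certificate Signature",		NULL },
	{ ISAKMP_CERT_X509KE,	"X.509 Certificate Key Exchange",	NULL },
	{ ISAKMP_CERT_KERBEROS,	"Kerberos Tokens",			NULL },
	{ ISAKMP_CERT_CRL,	"Certificate Revocation List (CRL)",	NULL },
	{ ISAKMP_CERT_ARL,	"Authority Revocation List (ARL)",	NULL },
	{ ISAKMP_CERT_SPKI,	"SPKI Certificate",			NULL },
	{ ISAKMP_CERT_X509ATTR,	"X.509 Certificate Attribute",		NULL },
};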
213 
/*
 * Return the display name of certificate encoding type k.
 * A value missing from name_isakmp_certtype comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_isakmp_certtype(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_isakmp_certtype + ARRAYLEN(name_isakmp_certtype);

	for (entry = name_isakmp_certtype; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
223 
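/*
 * Display names for the ISAKMP_ETYPE_* exchange types.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_isakmp_etype[] = {
	{ ISAKMP_ETYPE_NONE,	"None",				NULL },
	{ ISAKMP_ETYPE_BASE,	"Base",				NULL },
	{ ISAKMP_ETYPE_IDENT,	"Identity Protection",		NULL },
	{ ISAKMP_ETYPE_AUTH,	"Authentication Only",		NULL },
	{ ISAKMP_ETYPE_AGG,	"Aggressive",			NULL },
	{ ISAKMP_ETYPE_INFO,	"Informational",		NULL },
	{ ISAKMP_ETYPE_CFG,	"Mode config",			NULL },
	{ ISAKMP_ETYPE_QUICK,	"Quick",			NULL },
	{ ISAKMP_ETYPE_NEWGRP,	"New Group",			NULL },
	{ ISAKMP_ETYPE_ACKINFO,	"Acknowledged Informational",	NULL },
};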
236 
/*
 * Return the display name of exchange type k.
 * A value missing from name_isakmp_etype comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_isakmp_etype(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_isakmp_etype + ARRAYLEN(name_isakmp_etype);

	for (entry = name_isakmp_etype; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
246 
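/*
 * Display names for notify message types (ISAKMP_NTYPE_*), plus the
 * ISAKMP_LOG_RETRY_LIMIT_REACHED value that shares this table.
 * The Unity heartbeat entry exists only when ENABLE_HYBRID is defined.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_isakmp_notify_msg[] = {
	{ ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE,	"INVALID-PAYLOAD-TYPE",		NULL },
	{ ISAKMP_NTYPE_DOI_NOT_SUPPORTED,	"DOI-NOT-SUPPORTED",		NULL },
	{ ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED,	"SITUATION-NOT-SUPPORTED",	NULL },
	{ ISAKMP_NTYPE_INVALID_COOKIE,		"INVALID-COOKIE",		NULL },
	{ ISAKMP_NTYPE_INVALID_MAJOR_VERSION,	"INVALID-MAJOR-VERSION",	NULL },
	{ ISAKMP_NTYPE_INVALID_MINOR_VERSION,	"INVALID-MINOR-VERSION",	NULL },
	{ ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE,	"INVALID-EXCHANGE-TYPE",	NULL },
	{ ISAKMP_NTYPE_INVALID_FLAGS,		"INVALID-FLAGS",		NULL },
	{ ISAKMP_NTYPE_INVALID_MESSAGE_ID,	"INVALID-MESSAGE-ID",		NULL },
	{ ISAKMP_NTYPE_INVALID_PROTOCOL_ID,	"INVALID-PROTOCOL-ID",		NULL },
	{ ISAKMP_NTYPE_INVALID_SPI,		"INVALID-SPI",			NULL },
	{ ISAKMP_NTYPE_INVALID_TRANSFORM_ID,	"INVALID-TRANSFORM-ID",		NULL },
	{ ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED, "ATTRIBUTES-NOT-SUPPORTED",	NULL },
	{ ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN,	"NO-PROPOSAL-CHOSEN",		NULL },
	{ ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX,	"BAD-PROPOSAL-SYNTAX",		NULL },
	{ ISAKMP_NTYPE_PAYLOAD_MALFORMED,	"PAYLOAD-MALFORMED",		NULL },
	{ ISAKMP_NTYPE_INVALID_KEY_INFORMATION,	"INVALID-KEY-INFORMATION",	NULL },
	{ ISAKMP_NTYPE_INVALID_ID_INFORMATION,	"INVALID-ID-INFORMATION",	NULL },
	{ ISAKMP_NTYPE_INVALID_CERT_ENCODING,	"INVALID-CERT-ENCODING",	NULL },
	{ ISAKMP_NTYPE_INVALID_CERTIFICATE,	"INVALID-CERTIFICATE",		NULL },
	{ ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX,	"BAD-CERT-REQUEST-SYNTAX",	NULL },
	{ ISAKMP_NTYPE_INVALID_CERT_AUTHORITY,	"INVALID-CERT-AUTHORITY",	NULL },
	{ ISAKMP_NTYPE_INVALID_HASH_INFORMATION, "INVALID-HASH-INFORMATION",	NULL },
	{ ISAKMP_NTYPE_AUTHENTICATION_FAILED,	"AUTHENTICATION-FAILED",	NULL },
	{ ISAKMP_NTYPE_INVALID_SIGNATURE,	"INVALID-SIGNATURE",		NULL },
	{ ISAKMP_NTYPE_ADDRESS_NOTIFICATION,	"ADDRESS-NOTIFICATION",		NULL },
	{ ISAKMP_NTYPE_NOTIFY_SA_LIFETIME,	"NOTIFY-SA-LIFETIME",		NULL },
	{ ISAKMP_NTYPE_CERTIFICATE_UNAVAILABLE,	"CERTIFICATE-UNAVAILABLE",	NULL },
	{ ISAKMP_NTYPE_UNSUPPORTED_EXCHANGE_TYPE, "UNSUPPORTED-EXCHANGE-TYPE",	NULL },
	{ ISAKMP_NTYPE_UNEQUAL_PAYLOAD_LENGTHS,	"UNEQUAL-PAYLOAD-LENGTHS",	NULL },
	{ ISAKMP_NTYPE_CONNECTED,		"CONNECTED",			NULL },
	{ ISAKMP_NTYPE_RESPONDER_LIFETIME,	"RESPONDER-LIFETIME",		NULL },
	{ ISAKMP_NTYPE_REPLAY_STATUS,		"REPLAY-STATUS",		NULL },
	{ ISAKMP_NTYPE_INITIAL_CONTACT,		"INITIAL-CONTACT",		NULL },
	{ ISAKMP_NTYPE_R_U_THERE,		"R-U-THERE",			NULL },
	{ ISAKMP_NTYPE_R_U_THERE_ACK,		"R-U-THERE-ACK",		NULL },
#ifdef ENABLE_HYBRID
	{ ISAKMP_NTYPE_UNITY_HEARTBEAT,		"HEARTBEAT (Unity)",		NULL },
#endif
	{ ISAKMP_LOG_RETRY_LIMIT_REACHED,	"RETRY-LIMIT-REACHED",		NULL },
};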
289 
/*
 * Return the display name of notify message type k.
 * A value missing from name_isakmp_notify_msg comes back as decimal text
 * from num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_isakmp_notify_msg(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_isakmp_notify_msg + ARRAYLEN(name_isakmp_notify_msg);

	for (entry = name_isakmp_notify_msg; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
300 
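/*
 * Display names for the ISAKMP_NPTYPE_* payload types.
 *
 * The RFC and DRAFT variants of the NAT-D and NAT-OA payloads share the
 * names "nat-d" and "nat-oa", so the name alone does not tell a reader of
 * the output which numeric payload type was seen.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_isakmp_nptype[] = {
	{ ISAKMP_NPTYPE_NONE,		"none",		NULL },
	{ ISAKMP_NPTYPE_SA,		"sa",		NULL },
	{ ISAKMP_NPTYPE_P,		"prop",		NULL },
	{ ISAKMP_NPTYPE_T,		"trns",		NULL },
	{ ISAKMP_NPTYPE_KE,		"ke",		NULL },
	{ ISAKMP_NPTYPE_ID,		"id",		NULL },
	{ ISAKMP_NPTYPE_CERT,		"cert",		NULL },
	{ ISAKMP_NPTYPE_CR,		"cr",		NULL },
	{ ISAKMP_NPTYPE_HASH,		"hash",		NULL },
	{ ISAKMP_NPTYPE_SIG,		"sig",		NULL },
	{ ISAKMP_NPTYPE_NONCE,		"nonce",	NULL },
	{ ISAKMP_NPTYPE_N,		"notify",	NULL },
	{ ISAKMP_NPTYPE_D,		"delete",	NULL },
	{ ISAKMP_NPTYPE_VID,		"vid",		NULL },
	{ ISAKMP_NPTYPE_ATTR,		"attr",		NULL },
	{ ISAKMP_NPTYPE_GSS,		"gss id",	NULL },
	{ ISAKMP_NPTYPE_NATD_RFC,	"nat-d",	NULL },
	{ ISAKMP_NPTYPE_NATOA_RFC,	"nat-oa",	NULL },
	{ ISAKMP_NPTYPE_NATD_DRAFT,	"nat-d",	NULL },
	{ ISAKMP_NPTYPE_NATOA_DRAFT,	"nat-oa",	NULL },
	{ ISAKMP_NPTYPE_FRAG,		"ike frag",	NULL },
};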
324 
/*
 * Return the display name of payload type k.
 * A value missing from name_isakmp_nptype comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_isakmp_nptype(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_isakmp_nptype + ARRAYLEN(name_isakmp_nptype);

	for (entry = name_isakmp_nptype; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
334 
335 #ifdef ENABLE_HYBRID
336 /* isakmp_cfg.h / isakmp_unity.h / isakmp_xauth.h */
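/*
 * Display names for mode-config, Xauth and Unity attribute types; each name
 * is the spelling of its constant.  These are type labels only: the table
 * holds no attribute values.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_isakmp_cfg_type[] = {
	{ INTERNAL_IP4_ADDRESS,		"INTERNAL_IP4_ADDRESS",		NULL },
	{ INTERNAL_IP4_NETMASK,		"INTERNAL_IP4_NETMASK",		NULL },
	{ INTERNAL_IP4_DNS,		"INTERNAL_IP4_DNS",		NULL },
	{ INTERNAL_IP4_NBNS,		"INTERNAL_IP4_NBNS",		NULL },
	{ INTERNAL_ADDRESS_EXPIRY,	"INTERNAL_ADDRESS_EXPIRY",	NULL },
	{ INTERNAL_IP4_DHCP,		"INTERNAL_IP4_DHCP",		NULL },
	{ APPLICATION_VERSION,		"APPLICATION_VERSION",		NULL },
	{ INTERNAL_IP6_ADDRESS,		"INTERNAL_IP6_ADDRESS",		NULL },
	{ INTERNAL_IP6_NETMASK,		"INTERNAL_IP6_NETMASK",		NULL },
	{ INTERNAL_IP6_DNS,		"INTERNAL_IP6_DNS",		NULL },
	{ INTERNAL_IP6_NBNS,		"INTERNAL_IP6_NBNS",		NULL },
	{ INTERNAL_IP6_DHCP,		"INTERNAL_IP6_DHCP",		NULL },
	{ INTERNAL_IP4_SUBNET,		"INTERNAL_IP4_SUBNET",		NULL },
	{ SUPPORTED_ATTRIBUTES,		"SUPPORTED_ATTRIBUTES",		NULL },
	{ INTERNAL_IP6_SUBNET,		"INTERNAL_IP6_SUBNET",		NULL },
	{ XAUTH_TYPE,			"XAUTH_TYPE",			NULL },
	{ XAUTH_USER_NAME,		"XAUTH_USER_NAME",		NULL },
	{ XAUTH_USER_PASSWORD,		"XAUTH_USER_PASSWORD",		NULL },
	{ XAUTH_PASSCODE,		"XAUTH_PASSCODE",		NULL },
	{ XAUTH_MESSAGE,		"XAUTH_MESSAGE",		NULL },
	{ XAUTH_CHALLENGE,		"XAUTH_CHALLENGE",		NULL },
	{ XAUTH_DOMAIN,			"XAUTH_DOMAIN",			NULL },
	{ XAUTH_STATUS,			"XAUTH_STATUS",			NULL },
	{ XAUTH_NEXT_PIN,		"XAUTH_NEXT_PIN",		NULL },
	{ XAUTH_ANSWER,			"XAUTH_ANSWER",			NULL },
	{ UNITY_BANNER,			"UNITY_BANNER",			NULL },
	{ UNITY_SAVE_PASSWD,		"UNITY_SAVE_PASSWD",		NULL },
	{ UNITY_DEF_DOMAIN,		"UNITY_DEF_DOMAIN",		NULL },
	{ UNITY_SPLITDNS_NAME,		"UNITY_SPLITDNS_NAME",		NULL },
	{ UNITY_SPLIT_INCLUDE,		"UNITY_SPLIT_INCLUDE",		NULL },
	{ UNITY_NATT_PORT,		"UNITY_NATT_PORT",		NULL },
	{ UNITY_LOCAL_LAN,		"UNITY_LOCAL_LAN",		NULL },
	{ UNITY_PFS,			"UNITY_PFS",			NULL },
	{ UNITY_FW_TYPE,		"UNITY_FW_TYPE",		NULL },
	{ UNITY_BACKUP_SERVERS,		"UNITY_BACKUP_SERVERS",		NULL },
	{ UNITY_DDNS_HOSTNAME,		"UNITY_DDNS_HOSTNAME",		NULL },
};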
375 
/*
 * Return the display name of mode-config / Xauth / Unity attribute type k.
 * A value missing from name_isakmp_cfg_type comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_isakmp_cfg_type(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_isakmp_cfg_type + ARRAYLEN(name_isakmp_cfg_type);

	for (entry = name_isakmp_cfg_type; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
385 
386 /* isakmp_cfg.h / isakmp_unity.h / isakmp_xauth.h */
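/*
 * Display names for the ISAKMP_CFG_* mode-config message types.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_isakmp_cfg_ptype[] = {
	{ ISAKMP_CFG_ACK,	"mode config ACK",	NULL },
	{ ISAKMP_CFG_SET,	"mode config SET",	NULL },
	{ ISAKMP_CFG_REQUEST,	"mode config REQUEST",	NULL },
	{ ISAKMP_CFG_REPLY,	"mode config REPLY",	NULL },
};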
393 
/*
 * Return the display name of mode-config message type k.
 * A value missing from name_isakmp_cfg_ptype comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_isakmp_cfg_ptype(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_isakmp_cfg_ptype + ARRAYLEN(name_isakmp_cfg_ptype);

	for (entry = name_isakmp_cfg_ptype; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
403 
404 #endif
405 
406 /* ipsec_doi.h */
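/*
 * Display names for the IPSECDOI_PROTO_* protocol ids.  The third column is
 * the function that names a transform id of that protocol; s_ipsecdoi_trns()
 * calls through it.
 *
 * Declared const because nothing writes the table: that lets the function
 * pointers be placed in read-only data instead of writable storage.
 */
static const struct ksmap name_ipsecdoi_proto[] = {
	{ IPSECDOI_PROTO_ISAKMP,	"ISAKMP",	s_ipsecdoi_trns_isakmp },
	{ IPSECDOI_PROTO_IPSEC_AH,	"AH",		s_ipsecdoi_trns_ah },
	{ IPSECDOI_PROTO_IPSEC_ESP,	"ESP",		s_ipsecdoi_trns_esp },
	{ IPSECDOI_PROTO_IPCOMP,	"IPCOMP",	s_ipsecdoi_trns_ipcomp },
};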
413 
/*
 * Return the display name of protocol id k.
 * A value missing from name_ipsecdoi_proto comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_proto(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_ipsecdoi_proto + ARRAYLEN(name_ipsecdoi_proto);

	for (entry = name_ipsecdoi_proto; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
423 
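/*
 * Display name for the single ISAKMP transform id listed here.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_ipsecdoi_trns_isakmp[] = {
	{ IPSECDOI_KEY_IKE,	"IKE",	NULL },
};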
427 
/*
 * Return the display name of ISAKMP transform id k.
 * A value missing from name_ipsecdoi_trns_isakmp comes back as decimal text
 * from num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_trns_isakmp(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_ipsecdoi_trns_isakmp + ARRAYLEN(name_ipsecdoi_trns_isakmp);

	for (entry = name_ipsecdoi_trns_isakmp; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
437 
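/*
 * Display names for the IPSECDOI_AH_* transform ids.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_ipsecdoi_trns_ah[] = {
	{ IPSECDOI_AH_MD5,	"MD5",		NULL },
	{ IPSECDOI_AH_SHA,	"SHA",		NULL },
	{ IPSECDOI_AH_DES,	"DES",		NULL },
	{ IPSECDOI_AH_SHA256,	"SHA256",	NULL },
	{ IPSECDOI_AH_SHA384,	"SHA384",	NULL },
	{ IPSECDOI_AH_SHA512,	"SHA512",	NULL },
};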
446 
/*
 * Return the display name of AH transform id k.
 * A value missing from name_ipsecdoi_trns_ah comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_trns_ah(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_ipsecdoi_trns_ah + ARRAYLEN(name_ipsecdoi_trns_ah);

	for (entry = name_ipsecdoi_trns_ah; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
456 
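/*
 * Display names for the IPSECDOI_ESP_* transform ids.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_ipsecdoi_trns_esp[] = {
	{ IPSECDOI_ESP_DES_IV64,	"DES_IV64",	NULL },
	{ IPSECDOI_ESP_DES,		"DES",		NULL },
	{ IPSECDOI_ESP_3DES,		"3DES",		NULL },
	{ IPSECDOI_ESP_RC5,		"RC5",		NULL },
	{ IPSECDOI_ESP_IDEA,		"IDEA",		NULL },
	{ IPSECDOI_ESP_CAST,		"CAST",		NULL },
	{ IPSECDOI_ESP_BLOWFISH,	"BLOWFISH",	NULL },
	{ IPSECDOI_ESP_3IDEA,		"3IDEA",	NULL },
	{ IPSECDOI_ESP_DES_IV32,	"DES_IV32",	NULL },
	{ IPSECDOI_ESP_RC4,		"RC4",		NULL },
	{ IPSECDOI_ESP_NULL,		"NULL",		NULL },
	{ IPSECDOI_ESP_AES,		"AES",		NULL },
	{ IPSECDOI_ESP_AESGCM16,	"AES_GCM_16",	NULL },
	{ IPSECDOI_ESP_TWOFISH,		"TWOFISH",	NULL },
	{ IPSECDOI_ESP_CAMELLIA,	"CAMELLIA",	NULL },
};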
474 
/*
 * Return the display name of ESP transform id k.
 * A value missing from name_ipsecdoi_trns_esp comes back as decimal text
 * from num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_trns_esp(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_ipsecdoi_trns_esp + ARRAYLEN(name_ipsecdoi_trns_esp);

	for (entry = name_ipsecdoi_trns_esp; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
484 
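/*
 * Display names for the IPSECDOI_IPCOMP_* transform ids.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_ipsecdoi_trns_ipcomp[] = {
	{ IPSECDOI_IPCOMP_OUI,		"OUI",		NULL },
	{ IPSECDOI_IPCOMP_DEFLATE,	"DEFLATE",	NULL },
	{ IPSECDOI_IPCOMP_LZS,		"LZS",		NULL },
};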
490 
/*
 * Return the display name of IPCOMP transform id k.
 * A value missing from name_ipsecdoi_trns_ipcomp comes back as decimal text
 * from num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_trns_ipcomp(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_ipsecdoi_trns_ipcomp + ARRAYLEN(name_ipsecdoi_trns_ipcomp);

	for (entry = name_ipsecdoi_trns_ipcomp; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
500 
/*
 * Name transform id trns in the context of protocol id proto.
 *
 * The first name_ipsecdoi_proto row whose key equals proto and whose
 * formatter is set decides the result.  When no such row exists (unknown
 * protocol, or a row without a formatter) trns is returned as decimal text
 * from num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_trns(int proto, int trns)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_ipsecdoi_proto + ARRAYLEN(name_ipsecdoi_proto);

	for (entry = name_ipsecdoi_proto; entry != end; entry++) {
		/* A matching row without a formatter does not end the scan. */
		if (entry->key != proto || entry->f == NULL) {
			continue;
		}
		return entry->f(trns);
	}

	return num2str(trns);
}
511 
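/*
 * Display names for the IPSECDOI_ATTR_* attribute types.  Where the third
 * column is set it is the function that names a value of that attribute;
 * s_ipsecdoi_attr_v() calls through it.
 *
 * Declared const because nothing writes the table: that lets the function
 * pointers be placed in read-only data instead of writable storage.
 */
static const struct ksmap name_attr_ipsec[] = {
	{ IPSECDOI_ATTR_SA_LD_TYPE,	"SA Life Type",			s_ipsecdoi_ltype },
	{ IPSECDOI_ATTR_SA_LD,		"SA Life Duration",		NULL },
	{ IPSECDOI_ATTR_GRP_DESC,	"Group Description",		NULL },
	{ IPSECDOI_ATTR_ENC_MODE,	"Encryption Mode",		s_ipsecdoi_encmode },
	{ IPSECDOI_ATTR_AUTH,		"Authentication Algorithm",	s_ipsecdoi_auth },
	{ IPSECDOI_ATTR_KEY_LENGTH,	"Key Length",			NULL },
	{ IPSECDOI_ATTR_KEY_ROUNDS,	"Key Rounds",			NULL },
	{ IPSECDOI_ATTR_COMP_DICT_SIZE,	"Compression Dictionary Size",	NULL },
	{ IPSECDOI_ATTR_COMP_PRIVALG,	"Compression Private Algorithm", NULL },
};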
523 
/*
 * Return the display name of IPsec DOI attribute type k.
 * A value missing from name_attr_ipsec comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_attr(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_attr_ipsec + ARRAYLEN(name_attr_ipsec);

	for (entry = name_attr_ipsec; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
533 
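/*
 * Display names for the SA life type values.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_attr_ipsec_ltype[] = {
	{ IPSECDOI_ATTR_SA_LD_TYPE_SEC,	"seconds",	NULL },
	{ IPSECDOI_ATTR_SA_LD_TYPE_KB,	"kilobytes",	NULL },
};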
538 
/*
 * Return the display name of SA life type k.
 * A value missing from name_attr_ipsec_ltype comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_ltype(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_attr_ipsec_ltype + ARRAYLEN(name_attr_ipsec_ltype);

	for (entry = name_attr_ipsec_ltype; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
548 
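/*
 * Display names for the encapsulation mode values.
 *
 * The RFC and DRAFT variants of the UDP modes share the names "UDP-Tunnel"
 * and "UDP-Transport", so the name alone does not tell a reader of the
 * output which numeric value was seen.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_attr_ipsec_encmode[] = {
	{ IPSECDOI_ATTR_ENC_MODE_ANY,			"Any",			NULL },
	{ IPSECDOI_ATTR_ENC_MODE_TUNNEL,		"Tunnel",		NULL },
	{ IPSECDOI_ATTR_ENC_MODE_TRNS,			"Transport",		NULL },
	{ IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC,		"UDP-Tunnel",		NULL },
	{ IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC,		"UDP-Transport",	NULL },
	{ IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT,	"UDP-Tunnel",		NULL },
	{ IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT,		"UDP-Transport",	NULL },
};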
558 
/*
 * Return the display name of encapsulation mode k.
 * A value missing from name_attr_ipsec_encmode comes back as decimal text
 * from num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_encmode(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_attr_ipsec_encmode + ARRAYLEN(name_attr_ipsec_encmode);

	for (entry = name_attr_ipsec_encmode; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
568 
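/*
 * Display names for the IPSECDOI_ATTR_AUTH_* authentication algorithm values.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_attr_ipsec_auth[] = {
	{ IPSECDOI_ATTR_AUTH_HMAC_MD5,		"hmac-md5",	NULL },
	{ IPSECDOI_ATTR_AUTH_HMAC_SHA1,		"hmac-sha",	NULL },
	{ IPSECDOI_ATTR_AUTH_HMAC_SHA2_256,	"hmac-sha256",	NULL },
	{ IPSECDOI_ATTR_AUTH_HMAC_SHA2_384,	"hmac-sha384",	NULL },
	{ IPSECDOI_ATTR_AUTH_HMAC_SHA2_512,	"hmac-sha512",	NULL },
	{ IPSECDOI_ATTR_AUTH_DES_MAC,		"des-mac",	NULL },
	{ IPSECDOI_ATTR_AUTH_KPDK,		"kpdk",		NULL },
	{ IPSECDOI_ATTR_AUTH_NONE,		"non_auth",	NULL },
};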
579 
/*
 * Return the display name of authentication algorithm value k.
 * A value missing from name_attr_ipsec_auth comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_auth(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_attr_ipsec_auth + ARRAYLEN(name_attr_ipsec_auth);

	for (entry = name_attr_ipsec_auth; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
589 
/*
 * Name value val of IPsec DOI attribute type.
 *
 * The first name_attr_ipsec row whose key equals type and whose formatter is
 * set decides the result.  When no such row exists (unknown attribute, or an
 * attribute without a formatter) val is returned as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_attr_v(int type, int val)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_attr_ipsec + ARRAYLEN(name_attr_ipsec);

	for (entry = name_attr_ipsec; entry != end; entry++) {
		/* A matching row without a formatter does not end the scan. */
		if (entry->key != type || entry->f == NULL) {
			continue;
		}
		return entry->f(val);
	}

	return num2str(val);
}
600 
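/*
 * Display names for the IPSECDOI_ID_* identification types.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_ipsecdoi_ident[] = {
	{ IPSECDOI_ID_IPV4_ADDR,	"IPv4_address",		NULL },
	{ IPSECDOI_ID_FQDN,		"FQDN",			NULL },
	{ IPSECDOI_ID_USER_FQDN,	"User_FQDN",		NULL },
	{ IPSECDOI_ID_IPV4_ADDR_SUBNET,	"IPv4_subnet",		NULL },
	{ IPSECDOI_ID_IPV6_ADDR,	"IPv6_address",		NULL },
	{ IPSECDOI_ID_IPV6_ADDR_SUBNET,	"IPv6_subnet",		NULL },
	{ IPSECDOI_ID_IPV4_ADDR_RANGE,	"IPv4_address_range",	NULL },
	{ IPSECDOI_ID_IPV6_ADDR_RANGE,	"IPv6_address_range",	NULL },
	{ IPSECDOI_ID_DER_ASN1_DN,	"DER_ASN1_DN",		NULL },
	{ IPSECDOI_ID_DER_ASN1_GN,	"DER_ASN1_GN",		NULL },
	{ IPSECDOI_ID_KEY_ID,		"KEY_ID",		NULL },
};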
614 
/*
 * Return the display name of identification type k.
 * A value missing from name_ipsecdoi_ident comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_ipsecdoi_ident(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_ipsecdoi_ident + ARRAYLEN(name_ipsecdoi_ident);

	for (entry = name_ipsecdoi_ident; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
624 
625 /* oakley.h */
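/*
 * Display names for the OAKLEY_ATTR_* attribute types.  Where the third
 * column is set it is the function that names a value of that attribute.
 *
 * Declared const because nothing writes the table: that lets the function
 * pointers be placed in read-only data instead of writable storage.
 */
static const struct ksmap name_oakley_attr[] = {
	{ OAKLEY_ATTR_ENC_ALG,		"Encryption Algorithm",		s_attr_isakmp_enc },
	{ OAKLEY_ATTR_HASH_ALG,		"Hash Algorithm",		s_attr_isakmp_hash },
	{ OAKLEY_ATTR_AUTH_METHOD,	"Authentication Method",	s_oakley_attr_method },
	{ OAKLEY_ATTR_GRP_DESC,		"Group Description",		s_attr_isakmp_desc },
	{ OAKLEY_ATTR_GRP_TYPE,		"Group Type",			s_attr_isakmp_group },
	{ OAKLEY_ATTR_GRP_PI,		"Group Prime/Irreducible Polynomial", NULL },
	{ OAKLEY_ATTR_GRP_GEN_ONE,	"Group Generator One",		NULL },
	{ OAKLEY_ATTR_GRP_GEN_TWO,	"Group Generator Two",		NULL },
	{ OAKLEY_ATTR_GRP_CURVE_A,	"Group Curve A",		NULL },
	{ OAKLEY_ATTR_GRP_CURVE_B,	"Group Curve B",		NULL },
	{ OAKLEY_ATTR_SA_LD_TYPE,	"Life Type",			s_attr_isakmp_ltype },
	{ OAKLEY_ATTR_SA_LD,		"Life Duration",		NULL },
	{ OAKLEY_ATTR_PRF,		"PRF",				NULL },
	{ OAKLEY_ATTR_KEY_LEN,		"Key Length",			NULL },
	{ OAKLEY_ATTR_FIELD_SIZE,	"Field Size",			NULL },
	{ OAKLEY_ATTR_GRP_ORDER,	"Group Order",			NULL },
	{ OAKLEY_ATTR_BLOCK_SIZE,	"Block Size",			NULL },
	{ OAKLEY_ATTR_GSS_ID,		"GSS-API endpoint name",	NULL },
};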
646 
/*
 * Return the display name of Oakley attribute type k.
 * A value missing from name_oakley_attr comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_oakley_attr(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_oakley_attr + ARRAYLEN(name_oakley_attr);

	for (entry = name_oakley_attr; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
656 
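/*
 * Display names for the OAKLEY_ATTR_ENC_ALG_* encryption algorithm values.
 * The table is only read, so it is const and can live in read-only data.
 */
static const struct ksmap name_attr_isakmp_enc[] = {
	{ OAKLEY_ATTR_ENC_ALG_DES,	"DES-CBC",		NULL },
	{ OAKLEY_ATTR_ENC_ALG_IDEA,	"IDEA-CBC",		NULL },
	{ OAKLEY_ATTR_ENC_ALG_BLOWFISH,	"Blowfish-CBC",		NULL },
	{ OAKLEY_ATTR_ENC_ALG_RC5,	"RC5-R16-B64-CBC",	NULL },
	{ OAKLEY_ATTR_ENC_ALG_3DES,	"3DES-CBC",		NULL },
	{ OAKLEY_ATTR_ENC_ALG_CAST,	"CAST-CBC",		NULL },
	{ OAKLEY_ATTR_ENC_ALG_AES,	"AES-CBC",		NULL },
};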
666 
/*
 * Return the display name of encryption algorithm value k.
 * A value missing from name_attr_isakmp_enc comes back as decimal text from
 * num2str(), i.e. in static storage the caller must not free.
 */
const char *
s_attr_isakmp_enc(int k)
{
	const struct ksmap *entry;
	const struct ksmap *const end =
	    name_attr_isakmp_enc + ARRAYLEN(name_attr_isakmp_enc);

	for (entry = name_attr_isakmp_enc; entry != end; entry++) {
		if (entry->key == k) {
			return entry->str;
		}
	}

	return num2str(k);
}
676 
/*
 * Display names for ISAKMP hash algorithm identifiers.
 *
 * Labels only.  MD5 and the entry printed as plain "SHA" (presumably SHA-1;
 * confirm against the header that defines the constant) are weak by current
 * standards; seeing them in a log means the identifier was printed, not
 * that this table approved it.
 */
static struct ksmap name_attr_isakmp_hash[] = {
	{ OAKLEY_ATTR_HASH_ALG_MD5,		"MD5",		NULL },
	{ OAKLEY_ATTR_HASH_ALG_SHA,		"SHA",		NULL },
	{ OAKLEY_ATTR_HASH_ALG_TIGER,		"Tiger",	NULL },
	{ OAKLEY_ATTR_HASH_ALG_SHA2_256,	"SHA256",	NULL },
	{ OAKLEY_ATTR_HASH_ALG_SHA2_384,	"SHA384",	NULL },
	{ OAKLEY_ATTR_HASH_ALG_SHA2_512,	"SHA512",	NULL },
};

/*
 * Return the display name of an ISAKMP hash algorithm identifier, or
 * num2str(k) when the identifier is not listed in name_attr_isakmp_hash.
 */
const char *
s_attr_isakmp_hash(int k)
{
	const int count = (int)ARRAYLEN(name_attr_isakmp_hash);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_attr_isakmp_hash[idx].key != k)
			continue;
		return name_attr_isakmp_hash[idx].str;
	}
	return num2str(k);
}
695 
/*
 * Display names for phase 1 authentication methods.
 *
 * The GSS-API entry exists only when HAVE_GSSAPI is defined and the hybrid
 * and XAuth entries only when ENABLE_HYBRID is defined, so a build without
 * those options prints the corresponding identifiers through num2str().
 */
static struct ksmap name_attr_isakmp_method[] = {
	{ OAKLEY_ATTR_AUTH_METHOD_PSKEY,	"pre-shared key",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_DSSSIG,	"DSS signatures",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_RSASIG,	"RSA signatures",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_RSAENC,	"Encryption with RSA",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_RSAREV,	"Revised encryption with RSA",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_EGENC,	"Encryption with El-Gamal",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_EGREV,	"Revised encryption with El-Gamal",	NULL },
#ifdef HAVE_GSSAPI
	{ OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB,	"GSS-API on Kerberos 5", NULL },
#endif
#ifdef ENABLE_HYBRID
	{ OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R,	"Hybrid DSS server",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R,	"Hybrid RSA server",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I,	"Hybrid DSS client",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I,	"Hybrid RSA client",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I,	"XAuth pskey client",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R,	"XAuth pskey server",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I,	"XAuth RSASIG client",	NULL },
	{ OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R,	"XAuth RSASIG server",	NULL },
#endif
};

/*
 * Return the display name of a phase 1 authentication method, or
 * num2str(k) when the method is not in name_attr_isakmp_method (which
 * includes methods compiled out by the #ifdef blocks above).
 */
const char *
s_oakley_attr_method(int k)
{
	const int count = (int)ARRAYLEN(name_attr_isakmp_method);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_attr_isakmp_method[idx].key != k)
			continue;
		return name_attr_isakmp_method[idx].str;
	}
	return num2str(k);
}
728 
/*
 * Display names for Diffie-Hellman group descriptions.
 *
 * Labels only.  The 768-bit and 1024-bit MODP groups are below current
 * strength recommendations; a log line naming one of them is worth a second
 * look, but this table itself takes no part in accepting or rejecting it.
 */
static struct ksmap name_attr_isakmp_desc[] = {
	{ OAKLEY_ATTR_GRP_DESC_MODP768,		"768-bit MODP group",		NULL },
	{ OAKLEY_ATTR_GRP_DESC_MODP1024,	"1024-bit MODP group",		NULL },
	{ OAKLEY_ATTR_GRP_DESC_EC2N155,		"EC2N group on GP[2^155]",	NULL },
	{ OAKLEY_ATTR_GRP_DESC_EC2N185,		"EC2N group on GP[2^185]",	NULL },
	{ OAKLEY_ATTR_GRP_DESC_MODP1536,	"1536-bit MODP group",		NULL },
	{ OAKLEY_ATTR_GRP_DESC_MODP2048,	"2048-bit MODP group",		NULL },
	{ OAKLEY_ATTR_GRP_DESC_MODP3072,	"3072-bit MODP group",		NULL },
	{ OAKLEY_ATTR_GRP_DESC_MODP4096,	"4096-bit MODP group",		NULL },
	{ OAKLEY_ATTR_GRP_DESC_MODP6144,	"6144-bit MODP group",		NULL },
	{ OAKLEY_ATTR_GRP_DESC_MODP8192,	"8192-bit MODP group",		NULL },
};

/*
 * Return the display name of a DH group description, or num2str(k) when
 * the group is not listed in name_attr_isakmp_desc.
 */
const char *
s_attr_isakmp_desc(int k)
{
	const int count = (int)ARRAYLEN(name_attr_isakmp_desc);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_attr_isakmp_desc[idx].key != k)
			continue;
		return name_attr_isakmp_desc[idx].str;
	}
	return num2str(k);
}
751 
/* Display names for the Oakley group types (labels only). */
static struct ksmap name_attr_isakmp_group[] = {
	{ OAKLEY_ATTR_GRP_TYPE_MODP,	"MODP",	NULL },
	{ OAKLEY_ATTR_GRP_TYPE_ECP,	"ECP",	NULL },
	{ OAKLEY_ATTR_GRP_TYPE_EC2N,	"EC2N",	NULL },
};

/*
 * Return the display name of an Oakley group type, or num2str(k) when the
 * type is not listed in name_attr_isakmp_group.
 */
const char *
s_attr_isakmp_group(int k)
{
	const int count = (int)ARRAYLEN(name_attr_isakmp_group);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_attr_isakmp_group[idx].key != k)
			continue;
		return name_attr_isakmp_group[idx].str;
	}
	return num2str(k);
}
767 
/* Display names for the SA lifetime units (labels only). */
static struct ksmap name_attr_isakmp_ltype[] = {
	{ OAKLEY_ATTR_SA_LD_TYPE_SEC,	"seconds",	NULL },
	{ OAKLEY_ATTR_SA_LD_TYPE_KB,	"kilobytes",	NULL },
};

/*
 * Return the display name of an SA lifetime unit, or num2str(k) when the
 * unit is not listed in name_attr_isakmp_ltype.
 */
const char *
s_attr_isakmp_ltype(int k)
{
	const int count = (int)ARRAYLEN(name_attr_isakmp_ltype);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_attr_isakmp_ltype[idx].key != k)
			continue;
		return name_attr_isakmp_ltype[idx].str;
	}
	return num2str(k);
}
782 
/*
 * Return the display name of the value `val` carried by Oakley attribute
 * `type`.
 *
 * The name_oakley_attr entry for `type` supplies a per-attribute printer in
 * its `f` slot; that printer is called only when the slot is non-NULL.
 * Attributes without a printer, and attribute types that are not in the
 * table at all, have their value rendered by num2str(val).  Neither `type`
 * nor `val` is used as an index here.
 */
const char *
s_oakley_attr_v(int type, int val)
{
	const int count = (int)ARRAYLEN(name_oakley_attr);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_oakley_attr[idx].key != type)
			continue;
		/* An entry with no printer does not end the search. */
		if (!name_oakley_attr[idx].f)
			continue;
		return (name_oakley_attr[idx].f)(val);
	}
	return num2str(val);
}
793 
/* Display names for the IPsec policy levels (labels only). */
static struct ksmap name_ipsec_level[] = {
	{ IPSEC_LEVEL_USE,	"use",		NULL },
	{ IPSEC_LEVEL_REQUIRE,	"require",	NULL },
	{ IPSEC_LEVEL_UNIQUE,	"unique",	NULL },
};

/*
 * Return the display name of an IPsec policy level, or num2str(k) when the
 * level is not listed in name_ipsec_level.
 */
const char *
s_ipsec_level(int k)
{
	const int count = (int)ARRAYLEN(name_ipsec_level);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_ipsec_level[idx].key != k)
			continue;
		return name_ipsec_level[idx].str;
	}
	return num2str(k);
}
809 
/*
 * Algorithm classes: each entry gives the class label and, in the third
 * slot, the function that prints an algorithm identifier of that class.
 */
static struct ksmap name_algclass[] = {
	{ algclass_ipsec_enc,	"ipsec enc",		s_ipsecdoi_trns_esp },
	{ algclass_ipsec_auth,	"ipsec auth",		s_ipsecdoi_trns_ah },
	{ algclass_ipsec_comp,	"ipsec comp",		s_ipsecdoi_trns_ipcomp },
	{ algclass_isakmp_enc,	"isakmp enc",		s_attr_isakmp_enc },
	{ algclass_isakmp_hash,	"isakmp hash",		s_attr_isakmp_hash },
	{ algclass_isakmp_dh,	"isakmp dh",		s_attr_isakmp_desc },
	{ algclass_isakmp_ameth, "isakmp auth method",	s_oakley_attr_method },
};

/*
 * Return the label of an algorithm class, or num2str(k) when the class is
 * not listed in name_algclass.
 */
const char *
s_algclass(int k)
{
	const int count = (int)ARRAYLEN(name_algclass);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_algclass[idx].key != k)
			continue;
		return name_algclass[idx].str;
	}
	return num2str(k);
}
829 
/*
 * Return the display name of algorithm `n` within algorithm class `class`.
 *
 * The printer stored in the matching name_algclass entry is called with
 * `n`; it runs only when the entry's `f` slot is non-NULL.  An unknown
 * class, or one without a printer, yields num2str(n).
 */
const char *
s_algtype(int class, int n)
{
	const int count = (int)ARRAYLEN(name_algclass);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_algclass[idx].key != class)
			continue;
		/* An entry with no printer does not end the search. */
		if (!name_algclass[idx].f)
			continue;
		return (name_algclass[idx].f)(n);
	}
	return num2str(n);
}
840 
/* pfkey.h */
/*
 * Display names for PF_KEY message types.  The NAT-T mapping and MIGRATE
 * entries are present only when the corresponding SADB_X_* macro is
 * defined by the system headers.
 */
static struct ksmap name_pfkey_type[] = {
	{ SADB_GETSPI,		"GETSPI",	NULL },
	{ SADB_UPDATE,		"UPDATE",	NULL },
	{ SADB_ADD,		"ADD",		NULL },
	{ SADB_DELETE,		"DELETE",	NULL },
	{ SADB_GET,		"GET",		NULL },
	{ SADB_ACQUIRE,		"ACQUIRE",	NULL },
	{ SADB_REGISTER,	"REGISTER",	NULL },
	{ SADB_EXPIRE,		"EXPIRE",	NULL },
	{ SADB_FLUSH,		"FLUSH",	NULL },
	{ SADB_DUMP,		"DUMP",		NULL },
	{ SADB_X_PROMISC,	"X_PROMISC",	NULL },
	{ SADB_X_PCHANGE,	"X_PCHANGE",	NULL },
	{ SADB_X_SPDUPDATE,	"X_SPDUPDATE",	NULL },
	{ SADB_X_SPDADD,	"X_SPDADD",	NULL },
	{ SADB_X_SPDDELETE,	"X_SPDDELETE",	NULL },
	{ SADB_X_SPDGET,	"X_SPDGET",	NULL },
	{ SADB_X_SPDACQUIRE,	"X_SPDACQUIRE",	NULL },
	{ SADB_X_SPDDUMP,	"X_SPDDUMP",	NULL },
	{ SADB_X_SPDFLUSH,	"X_SPDFLUSH",	NULL },
	{ SADB_X_SPDSETIDX,	"X_SPDSETIDX",	NULL },
	{ SADB_X_SPDEXPIRE,	"X_SPDEXPIRE",	NULL },
	{ SADB_X_SPDDELETE2,	"X_SPDDELETE2",	NULL },
#ifdef SADB_X_NAT_T_NEW_MAPPING
	{ SADB_X_NAT_T_NEW_MAPPING, "X_NAT_T_NEW_MAPPING", NULL },
#endif
#ifdef SADB_X_MIGRATE
	{ SADB_X_MIGRATE,	"X_MIGRATE",	NULL },
#endif
};

/*
 * Return the display name of a PF_KEY message type, or num2str(k) when the
 * type is not listed in name_pfkey_type.
 */
const char *
s_pfkey_type(int k)
{
	const int count = (int)ARRAYLEN(name_pfkey_type);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_pfkey_type[idx].key != k)
			continue;
		return name_pfkey_type[idx].str;
	}
	return num2str(k);
}
882 
/* Display names for PF_KEY security association types (labels only). */
static struct ksmap name_pfkey_satype[] = {
	{ SADB_SATYPE_UNSPEC,	"UNSPEC",	NULL },
	{ SADB_SATYPE_AH,	"AH",		NULL },
	{ SADB_SATYPE_ESP,	"ESP",		NULL },
	{ SADB_SATYPE_RSVP,	"RSVP",		NULL },
	{ SADB_SATYPE_OSPFV2,	"OSPFV2",	NULL },
	{ SADB_SATYPE_RIPV2,	"RIPV2",	NULL },
	{ SADB_SATYPE_MIP,	"MIP",		NULL },
	{ SADB_X_SATYPE_IPCOMP,	"IPCOMP",	NULL },
};

/*
 * Return the display name of a PF_KEY SA type, or num2str(k) when the type
 * is not listed in name_pfkey_satype.
 */
const char *
s_pfkey_satype(int k)
{
	const int count = (int)ARRAYLEN(name_pfkey_satype);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_pfkey_satype[idx].key != k)
			continue;
		return name_pfkey_satype[idx].str;
	}
	return num2str(k);
}
903 
/*
 * Display names for IPsec policy directions.  The "fwd" entry exists only
 * when HAVE_POLICY_FWD is defined.
 */
static struct ksmap name_direction[] = {
	{ IPSEC_DIR_INBOUND,	"in",	NULL },
	{ IPSEC_DIR_OUTBOUND,	"out",	NULL },
#ifdef HAVE_POLICY_FWD
	{ IPSEC_DIR_FWD,	"fwd",	NULL },
#endif
};

/*
 * Return the display name of a policy direction, or num2str(k) when the
 * direction is not listed in name_direction.
 */
const char *
s_direction(int k)
{
	const int count = (int)ARRAYLEN(name_direction);
	int idx;

	for (idx = 0; idx < count; idx++) {
		if (name_direction[idx].key != k)
			continue;
		return name_direction[idx].str;
	}
	return num2str(k);
}
921 
/*
 * Return the display name of an upper-layer protocol number.
 *
 * Only ICMP, TCP, UDP, ICMPv6 and the IPSEC_ULPROTO_ANY wildcard have
 * names; every other number is rendered by num2str(k).
 */
const char *
s_proto(int k)
{
	if (k == IPPROTO_ICMP)
		return "icmp";
	if (k == IPPROTO_TCP)
		return "tcp";
	if (k == IPPROTO_UDP)
		return "udp";
	if (k == IPPROTO_ICMPV6)
		return "icmpv6";
	if (k == IPSEC_ULPROTO_ANY)
		return "any";

	return num2str(k);
}
940 
/*
 * Return the display name of a domain of interpretation.  IPSEC_DOI is the
 * only named value; anything else is rendered by num2str(k).
 */
const char *
s_doi(int k)
{
	if (k == IPSEC_DOI)
		return "ipsec_doi";

	return num2str(k);
}
951 
/*
 * Return the display name of an ISAKMP exchange type.
 *
 * ISAKMP_ETYPE_IDENT is printed as "main" and ISAKMP_ETYPE_AGG as
 * "aggressive"; the remaining known types get underscore-prefixed names.
 * Unknown exchange types are rendered by num2str(k).
 */
const char *
s_etype(int k)
{
	const char *name;

	switch (k) {
	case ISAKMP_ETYPE_NONE:
		name = "_none";
		break;
	case ISAKMP_ETYPE_BASE:
		name = "base";
		break;
	case ISAKMP_ETYPE_IDENT:
		name = "main";
		break;
	case ISAKMP_ETYPE_AUTH:
		name = "_auth";
		break;
	case ISAKMP_ETYPE_AGG:
		name = "aggressive";
		break;
	case ISAKMP_ETYPE_INFO:
		name = "_info";
		break;
	case ISAKMP_ETYPE_QUICK:
		name = "_quick";
		break;
	case ISAKMP_ETYPE_NEWGRP:
		name = "_newgrp";
		break;
	case ISAKMP_ETYPE_ACKINFO:
		name = "_ackinfo";
		break;
	default:
		name = num2str(k);
		break;
	}
	return name;
}
978 
/*
 * Return the display name of an identifier type (FQDN, user FQDN, key ID,
 * address or ASN.1 DN).  Any other value is rendered by num2str(k).
 */
const char *
s_idtype(int k)
{
	const char *name;

	switch (k) {
	case IDTYPE_FQDN:
		name = "fqdn";
		break;
	case IDTYPE_USERFQDN:
		name = "user_fqdn";
		break;
	case IDTYPE_KEYID:
		name = "keyid";
		break;
	case IDTYPE_ADDRESS:
		name = "address";
		break;
	case IDTYPE_ASN1DN:
		name = "asn1dn";
		break;
	default:
		name = num2str(k);
		break;
	}
	return name;
}
997 
/*
 * Return "off" for FALSE and "on" for TRUE.  A value that is neither is
 * not coerced to a boolean; it is rendered by num2str(k), so an unexpected
 * setting shows up as a number instead of being reported as "on".
 */
const char *
s_switch(int k)
{
	if (k == FALSE)
		return "off";
	if (k == TRUE)
		return "on";

	return num2str(k);
}
1010