[thirdparty/openvpn.git] / options.h

/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program (see the file COPYING included with this
 *  distribution); if not, write to the Free Software Foundation, Inc.,
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/*
 * 2004-01-28: Added Socks5 proxy support
 *   (Christof Meerwald, http://cmeerw.org)
 */

#ifndef OPTIONS_H
#define OPTIONS_H

#include "basic.h"
#include "common.h"
#include "mtu.h"
#include "route.h"
#include "tun.h"
#include "socket.h"
#include "plugin.h"
#include "manage.h"
#include "proxy.h"
#include "lzo.h"

/*
 * Maximum number of parameters associated with an option,
 * including the option name itself.
 */
#define MAX_PARMS 16

/*
 * Max size of options line and parameter.
 */
#define OPTION_PARM_SIZE 256
#define OPTION_LINE_SIZE 256

extern const char title_string[];

#if P2MP

#if P2MP_SERVER
/* parameters to be pushed to peer */

#define MAX_PUSH_LIST_LEN TLS_CHANNEL_BUF_SIZE /* This parm is related to PLAINTEXT_BUFFER_SIZE in ssl.h */

struct push_list {
  /* newline delimited options, like config file */
  char options[MAX_PUSH_LIST_LEN];
};
#endif

/* certain options are saved before --pull modifications are applied */
struct options_pre_pull
{
  bool tuntap_options_defined;
  struct tuntap_options tuntap_options;

  bool routes_defined;
  struct route_option_list routes;

  int foreign_option_index;
};

#endif

/* Command line options */
struct options
{
  struct gc_arena gc;

  /* first config file */
  const char *config;

  /* major mode */
# define MODE_POINT_TO_POINT 0
# define MODE_SERVER         1
  int mode;

  /* persist parms */
  bool persist_config;
  int persist_mode;

#ifdef USE_CRYPTO
  const char *key_pass_file;
  bool show_ciphers;
  bool show_digests;
  bool show_engines;
#ifdef USE_SSL
  bool show_tls_ciphers;
#endif
  bool genkey;
#endif

  /* Networking parms */
  const char *local;
  int local_port;
  bool local_port_defined;
  int remote_port;
  bool port_option_used;
  bool remote_float;
  struct remote_list *remote_list;
  bool remote_random;
  const char *ipchange;
  bool bind_defined;
  bool bind_local;
  const char *dev;
  const char *dev_type;
  const char *dev_node;
  const char *lladdr;
  int topology; /* one of the TOP_x values from proto.h */
  const char *ifconfig_local;
  const char *ifconfig_remote_netmask;
  bool ifconfig_noexec;
  bool ifconfig_nowarn;
#ifdef HAVE_GETTIMEOFDAY
  int shaper;
#endif
  int tun_mtu;           /* MTU of tun device */
  int tun_mtu_extra;
  bool tun_mtu_extra_defined;
  int link_mtu;          /* MTU of device over which tunnel packets pass via TCP/UDP */
  bool tun_mtu_defined;  /* true if user overriding parm with command line option */
  bool link_mtu_defined; /* true if user overriding parm with command line option */

  /* Protocol type (PROTO_UDP or PROTO_TCP) */
  int proto;
  int connect_retry_seconds;
  int connect_retry_max;
  bool connect_retry_defined;
  int connect_timeout;
  bool connect_timeout_defined;

  /* Advanced MTU negotiation and datagram fragmentation options */
  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */

#ifdef ENABLE_OCC
  bool mtu_test;
#endif

  int fragment;                 /* internal fragmentation size */

  bool mlock;

  int keepalive_ping;           /* a proxy for ping/ping-restart */
  int keepalive_timeout;

  int inactivity_timeout;       /* --inactive */
  int inactivity_minimum_bytes;

  int ping_send_timeout;        /* Send a TCP/UDP ping to remote every n seconds */
  int ping_rec_timeout;         /* Expect a TCP/UDP ping from remote at least once every n seconds */
  bool ping_timer_remote;       /* Run ping timer only if we have a remote address */
  bool tun_ipv6;                /* Build tun dev that supports IPv6 */

# define PING_UNDEF   0
# define PING_EXIT    1
# define PING_RESTART 2
  int ping_rec_timeout_action;  /* What action to take on ping_rec_timeout (exit or restart)? */

#ifdef ENABLE_OCC
  int explicit_exit_notification;  /* Explicitly tell peer when we are exiting via OCC_EXIT message */
#endif

  bool persist_tun;             /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
  bool persist_local_ip;        /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
  bool persist_remote_ip;       /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
  bool persist_key;             /* Don't re-read key files on SIGUSR1 or PING_RESTART */

  int mssfix;                   /* Upper bound on TCP MSS */
  bool mssfix_default;          /* true if --mssfix was supplied without a parameter */

#if PASSTOS_CAPABILITY
  bool passtos;                  
#endif

  int resolve_retry_seconds;    /* If hostname resolve fails, retry for n seconds */

  struct tuntap_options tuntap_options;

  /* Misc parms */
  const char *username;
  const char *groupname;
  const char *chroot_dir;
  const char *cd_dir;
  const char *writepid;
  const char *up_script;
  const char *down_script;
  bool down_pre;
  bool up_delay;
  bool up_restart;
  bool daemon;

  int remap_sigusr1;

  /* inetd modes defined in socket.h */
  int inetd;

  bool log;
  bool suppress_timestamps;
  int nice;
  int verbosity;
  int mute;

#ifdef ENABLE_DEBUG
  int gremlin;
#endif

  const char *status_file;
  int status_file_version;
  int status_file_update_freq;

  /* optimize TUN/TAP/UDP writes */
  bool fast_io;

#ifdef USE_LZO
  /* LZO_x flags from lzo.h */
  unsigned int lzo;
#endif

  /* buffer sizes */
  int rcvbuf;
  int sndbuf;

  /* socket flags */
  unsigned int sockflags;

  /* route management */
  const char *route_script;
  const char *route_default_gateway;
  int route_default_metric;
  bool route_noexec;
  int route_delay;
  int route_delay_window;
  bool route_delay_defined;
  struct route_option_list *routes;
  bool route_nopull;

#ifdef GENERAL_PROXY_SUPPORT
  struct auto_proxy_info *auto_proxy_info;
#endif

#ifdef ENABLE_HTTP_PROXY
  struct http_proxy_options *http_proxy_options;
#endif

#ifdef ENABLE_SOCKS
  /* socks proxy */
  const char *socks_proxy_server;
  int socks_proxy_port;
  bool socks_proxy_retry;
#endif

#ifdef ENABLE_OCC
  /* Enable options consistency check between peers */
  bool occ;
#endif

#ifdef ENABLE_MANAGEMENT
  const char *management_addr;
  int management_port;
  const char *management_user_pass;
  int management_log_history_cache;
  int management_echo_buffer_size;
  int management_state_buffer_size;
  const char *management_write_peer_info_file;

  /* Mask of MF_ values of manage.h */
  unsigned int management_flags;
#endif

#ifdef ENABLE_PLUGIN
  struct plugin_option_list *plugin_list;
#endif

#ifdef USE_PTHREAD
  int n_threads;
  int nice_work;
#endif

#if P2MP

#if P2MP_SERVER
  bool server_defined;
  in_addr_t server_network;
  in_addr_t server_netmask;

# define SF_NOPOOL (1<<0)
  unsigned int server_flags;

  bool server_bridge_defined;
  in_addr_t server_bridge_ip;
  in_addr_t server_bridge_netmask;
  in_addr_t server_bridge_pool_start;
  in_addr_t server_bridge_pool_end;

  struct push_list *push_list;
  bool ifconfig_pool_defined;
  in_addr_t ifconfig_pool_start;
  in_addr_t ifconfig_pool_end;
  in_addr_t ifconfig_pool_netmask;
  const char *ifconfig_pool_persist_filename;
  int ifconfig_pool_persist_refresh_freq;
  int real_hash_size;
  int virtual_hash_size;
  const char *client_connect_script;
  const char *client_disconnect_script;
  const char *learn_address_script;
  const char *tmp_dir;
  const char *client_config_dir;
  bool ccd_exclusive;
  bool disable;
  int n_bcast_buf;
  int tcp_queue_limit;
  struct iroute *iroutes;
  bool push_ifconfig_defined;
  in_addr_t push_ifconfig_local;
  in_addr_t push_ifconfig_remote_netmask;
  bool push_ifconfig_constraint_defined;
  in_addr_t push_ifconfig_constraint_network;
  in_addr_t push_ifconfig_constraint_netmask;
  bool enable_c2c;
  bool duplicate_cn;
  int cf_max;
  int cf_per;
  int max_clients;
  int max_routes_per_client;

  bool client_cert_not_required;
  bool username_as_common_name;
  const char *auth_user_pass_verify_script;
  bool auth_user_pass_verify_script_via_file;
#if PORT_SHARE
  char *port_share_host;
  int port_share_port;
#endif
#endif

  bool client;
  bool pull; /* client pull of config options from server */
  const char *auth_user_pass_file;
  struct options_pre_pull *pre_pull;

  int scheduled_exit_interval;

#endif

#ifdef USE_CRYPTO
  /* Cipher parms */
  const char *shared_secret_file;
#if ENABLE_INLINE_FILES
  const char *shared_secret_file_inline;
#endif
  int key_direction;
  bool ciphername_defined;
  const char *ciphername;
  bool authname_defined;
  const char *authname;
  int keysize;
  const char *engine;
  bool replay;
  bool mute_replay_warnings;
  int replay_window;
  int replay_time;
  const char *packet_id_file;
  bool use_iv;
  bool test_crypto;

#ifdef USE_SSL
  /* TLS (control channel) parms */
  bool tls_server;
  bool tls_client;
  const char *ca_file;
  const char *ca_path;
  const char *dh_file;
  const char *cert_file;
  const char *priv_key_file;
  const char *pkcs12_file;
  const char *cipher_list;
  const char *tls_verify;
  const char *tls_remote;
  const char *crl_file;

#if ENABLE_INLINE_FILES
  const char *ca_file_inline;
  const char *cert_file_inline;
  char *priv_key_file_inline;
  const char *dh_file_inline;
#endif

  int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */
  unsigned remote_cert_ku[MAX_PARMS];
  const char *remote_cert_eku;

#ifdef ENABLE_PKCS11
  const char *pkcs11_providers[MAX_PARMS];
  unsigned pkcs11_private_mode[MAX_PARMS];
  bool pkcs11_protected_authentication[MAX_PARMS];
  bool pkcs11_cert_private[MAX_PARMS];
  int pkcs11_pin_cache_period;
  const char *pkcs11_id;
  bool pkcs11_id_management;
#endif

#ifdef WIN32
  const char *cryptoapi_cert;
#endif

  /* data channel key exchange method */
  int key_method;

  /* Per-packet timeout on control channel */
  int tls_timeout;

  /* Data channel key renegotiation parameters */
  int renegotiate_bytes;
  int renegotiate_packets;
  int renegotiate_seconds;

  /* Data channel key handshake must finalize
     within n seconds of handshake initiation. */
  int handshake_window;

  /* Old key allowed to live n seconds after new key goes active */
  int transition_window;

  /* Special authentication MAC for TLS control channel */
  const char *tls_auth_file;		/* shared secret */
#if ENABLE_INLINE_FILES
  const char *tls_auth_file_inline;
#endif

  /* Allow only one session */
  bool single_session;

  bool tls_exit;

#endif /* USE_SSL */
#endif /* USE_CRYPTO */

  /* special state parms */
  int foreign_option_index;

#ifdef WIN32
  const char *exit_event_name;
  bool exit_event_initial_state;
  bool show_net_up;
  int route_method;
#endif
};

#define streq(x, y) (!strcmp((x), (y)))

/*
 * Option classes.
 */
#define OPT_P_GENERAL         (1<<0)
#define OPT_P_UP              (1<<1)
#define OPT_P_ROUTE           (1<<2)
#define OPT_P_IPWIN32         (1<<3)
#define OPT_P_SCRIPT          (1<<4)
#define OPT_P_SETENV          (1<<5)
#define OPT_P_SHAPER          (1<<6)
#define OPT_P_TIMER           (1<<7)
#define OPT_P_PERSIST         (1<<8)
#define OPT_P_PERSIST_IP      (1<<9)
#define OPT_P_COMP            (1<<10) /* TODO */
#define OPT_P_MESSAGES        (1<<11)
#define OPT_P_CRYPTO          (1<<12) /* TODO */
#define OPT_P_TLS_PARMS       (1<<13) /* TODO */
#define OPT_P_MTU             (1<<14) /* TODO */
#define OPT_P_NICE            (1<<15)
#define OPT_P_PUSH            (1<<16)
#define OPT_P_INSTANCE        (1<<17)
#define OPT_P_CONFIG          (1<<18)
#define OPT_P_EXPLICIT_NOTIFY (1<<19)
#define OPT_P_ECHO            (1<<20)
#define OPT_P_INHERIT         (1<<21)
#define OPT_P_ROUTE_EXTRAS    (1<<22)
#define OPT_P_PULL_MODE       (1<<23)
#define OPT_P_PLUGIN          (1<<24)
#define OPT_P_SOCKBUF         (1<<25)
#define OPT_P_SOCKFLAGS       (1<<26)

#define OPT_P_DEFAULT   (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))

#if P2MP
#define PULL_DEFINED(opt) ((opt)->pull)
#if P2MP_SERVER
#define PUSH_DEFINED(opt) ((opt)->push_list)
#endif
#endif

#ifndef PULL_DEFINED
#define PULL_DEFINED(opt) (false)
#endif

#ifndef PUSH_DEFINED
#define PUSH_DEFINED(opt) (false)
#endif

#ifdef WIN32
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

#ifdef HAVE_GETTIMEOFDAY
#define SHAPER_DEFINED(opt) ((opt)->shaper)
#else
#define SHAPER_DEFINED(opt) (false)
#endif

#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif

#ifdef MANAGEMENT_DEF_AUTH
#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
#else
#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
#endif

void parse_argv (struct options *options,
		 const int argc,
		 char *argv[],
		 const int msglevel,
		 const unsigned int permission_mask,
		 unsigned int *option_types_found,
		 struct env_set *es);

void notnull (const char *arg, const char *description);

void usage_small (void);

void init_options (struct options *o);
void uninit_options (struct options *o);

void setenv_settings (struct env_set *es, const struct options *o);
void show_settings (const struct options *o);

bool string_defined_equal (const char *s1, const char *s2);

#ifdef ENABLE_OCC

const char *options_string_version (const char* s, struct gc_arena *gc);

char *options_string (const struct options *o,
		      const struct frame *frame,
		      struct tuntap *tt,
		      bool remote,
		      struct gc_arena *gc);

int options_cmp_equal_safe (char *actual, const char *expected, size_t actual_n);
void options_warning_safe (char *actual, const char *expected, size_t actual_n);
int options_cmp_equal (char *actual, const char *expected);
void options_warning (char *actual, const char *expected);

#endif

void options_postprocess (struct options *options, bool first_time);

void pre_pull_save (struct options *o);
void pre_pull_restore (struct options *o);

bool apply_push_options (struct options *options,
			 struct buffer *buf,
			 unsigned int permission_mask,
			 unsigned int *option_types_found,
			 struct env_set *es);

bool is_persist_option (const struct options *o);
bool is_stateful_restart (const struct options *o);

void options_detach (struct options *o);

void options_server_import (struct options *o,
			    const char *filename,
			    int msglevel,
			    unsigned int permission_mask,
			    unsigned int *option_types_found,
			    struct env_set *es);

void pre_pull_default (struct options *o);

void rol_check_alloc (struct options *options);

int parse_line (const char *line,
		char *p[],
		const int n,
		const char *file,
		const int line_num,
		int msglevel,
		struct gc_arena *gc);

/*
 * parse/print topology coding
 */

int parse_topology (const char *str, const int msglevel);
const char *print_topology (const int topology);

/*
 * Manage auth-retry variable
 */

#if P2MP

#define AR_NONE       0
#define AR_INTERACT   1
#define AR_NOINTERACT 2

int auth_retry_get (void);
bool auth_retry_set (const int msglevel, const char *option);
const char *auth_retry_print (void);

#endif

void options_string_import (struct options *options,
			    const char *config,
			    const int msglevel,
			    const unsigned int permission_mask,
			    unsigned int *option_types_found,
			    struct env_set *es);

#endif
Commit	Line	Data
6fbf66fa JY	1	/*
	2	* OpenVPN -- An application to securely tunnel IP networks
	3	* over a single UDP port, with support for SSL/TLS-based
	4	* session authentication and key exchange,
	5	* packet encryption, packet authentication, and
	6	* packet compression.
	7	*
	8	* Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
	9	*
	10	* This program is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License version 2
	12	* as published by the Free Software Foundation.
	13	*
	14	* This program is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	* GNU General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU General Public License
	20	* along with this program (see the file COPYING included with this
	21	* distribution); if not, write to the Free Software Foundation, Inc.,
	22	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	23	*/
	24
	25	/*
	26	* 2004-01-28: Added Socks5 proxy support
	27	* (Christof Meerwald, http://cmeerw.org)
	28	*/
	29
	30	#ifndef OPTIONS_H
	31	#define OPTIONS_H
	32
	33	#include "basic.h"
	34	#include "common.h"
	35	#include "mtu.h"
	36	#include "route.h"
	37	#include "tun.h"
	38	#include "socket.h"
	39	#include "plugin.h"
	40	#include "manage.h"
	41	#include "proxy.h"
537073fd	42	#include "lzo.h"
6fbf66fa JY	43
	44	/*
	45	* Maximum number of parameters associated with an option,
	46	* including the option name itself.
	47	*/
	48	#define MAX_PARMS 16
	49
	50	/*
	51	* Max size of options line and parameter.
	52	*/
	53	#define OPTION_PARM_SIZE 256
	54	#define OPTION_LINE_SIZE 256
	55
	56	extern const char title_string[];
	57
	58	#if P2MP
	59
	60	#if P2MP_SERVER
	61	/* parameters to be pushed to peer */
	62
	63	#define MAX_PUSH_LIST_LEN TLS_CHANNEL_BUF_SIZE /* This parm is related to PLAINTEXT_BUFFER_SIZE in ssl.h */
	64
	65	struct push_list {
	66	/* newline delimited options, like config file */
	67	char options[MAX_PUSH_LIST_LEN];
	68	};
	69	#endif
	70
	71	/* certain options are saved before --pull modifications are applied */
	72	struct options_pre_pull
	73	{
	74	bool tuntap_options_defined;
	75	struct tuntap_options tuntap_options;
	76
	77	bool routes_defined;
	78	struct route_option_list routes;
	79
	80	int foreign_option_index;
	81	};
	82
	83	#endif
	84
	85	/* Command line options */
	86	struct options
	87	{
	88	struct gc_arena gc;
	89
	90	/* first config file */
	91	const char *config;
	92
	93	/* major mode */
	94	# define MODE_POINT_TO_POINT 0
	95	# define MODE_SERVER 1
	96	int mode;
	97
	98	/* persist parms */
	99	bool persist_config;
	100	int persist_mode;
	101
	102	#ifdef USE_CRYPTO
	103	const char *key_pass_file;
	104	bool show_ciphers;
	105	bool show_digests;
	106	bool show_engines;
107	#ifdef USE_SSL
108	bool show_tls_ciphers;
109	#endif
110	bool genkey;
111	#endif
112
113	/* Networking parms */
114	const char *local;
115	int local_port;
116	bool local_port_defined;
117	int remote_port;
118	bool port_option_used;
119	bool remote_float;
120	struct remote_list *remote_list;
121	bool remote_random;
122	const char *ipchange;
04f4b793	123	bool bind_defined;
6fbf66fa JY	124	bool bind_local;
	125	const char *dev;
	126	const char *dev_type;
	127	const char *dev_node;
e12fe286	128	const char *lladdr;
3c7f2f55	129	int topology; /* one of the TOP_x values from proto.h */
6fbf66fa JY	130	const char *ifconfig_local;
	131	const char *ifconfig_remote_netmask;
	132	bool ifconfig_noexec;
	133	bool ifconfig_nowarn;
	134	#ifdef HAVE_GETTIMEOFDAY
	135	int shaper;
	136	#endif
	137	int tun_mtu; /* MTU of tun device */
	138	int tun_mtu_extra;
	139	bool tun_mtu_extra_defined;
	140	int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
	141	bool tun_mtu_defined; /* true if user overriding parm with command line option */
	142	bool link_mtu_defined; /* true if user overriding parm with command line option */
	143
	144	/* Protocol type (PROTO_UDP or PROTO_TCP) */
	145	int proto;
	146	int connect_retry_seconds;
b540a9e0	147	int connect_retry_max;
6fbf66fa	148	bool connect_retry_defined;
1ae9d051 JY	149	int connect_timeout;
1ae9d051 JY	150	bool connect_timeout_defined;
6fbf66fa JY	151
	152	/* Advanced MTU negotiation and datagram fragmentation options */
	153	int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
	154
	155	#ifdef ENABLE_OCC
	156	bool mtu_test;
	157	#endif
	158
	159	int fragment; /* internal fragmentation size */
	160
	161	bool mlock;
	162
	163	int keepalive_ping; /* a proxy for ping/ping-restart */
	164	int keepalive_timeout;
	165
838911cc JY	166	int inactivity_timeout; /* --inactive */
	167	int inactivity_minimum_bytes;
	168
6fbf66fa JY	169	int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
	170	int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
	171	bool ping_timer_remote; /* Run ping timer only if we have a remote address */
	172	bool tun_ipv6; /* Build tun dev that supports IPv6 */
	173
	174	# define PING_UNDEF 0
	175	# define PING_EXIT 1
	176	# define PING_RESTART 2
	177	int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
	178
	179	#ifdef ENABLE_OCC
	180	int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT message */
	181	#endif
	182
	183	bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
	184	bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
	185	bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
	186	bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
	187
	188	int mssfix; /* Upper bound on TCP MSS */
	189	bool mssfix_default; /* true if --mssfix was supplied without a parameter */
	190
	191	#if PASSTOS_CAPABILITY
	192	bool passtos;
	193	#endif
	194
	195	int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
	196
	197	struct tuntap_options tuntap_options;
	198
	199	/* Misc parms */
	200	const char *username;
	201	const char *groupname;
	202	const char *chroot_dir;
	203	const char *cd_dir;
	204	const char *writepid;
	205	const char *up_script;
	206	const char *down_script;
	207	bool down_pre;
	208	bool up_delay;
	209	bool up_restart;
	210	bool daemon;
	211
	212	int remap_sigusr1;
	213
	214	/* inetd modes defined in socket.h */
	215	int inetd;
	216
	217	bool log;
	218	bool suppress_timestamps;
	219	int nice;
	220	int verbosity;
	221	int mute;
	222
	223	#ifdef ENABLE_DEBUG
	224	int gremlin;
	225	#endif
	226
	227	const char *status_file;
	228	int status_file_version;
	229	int status_file_update_freq;
	230
	231	/* optimize TUN/TAP/UDP writes */
	232	bool fast_io;
233
234	#ifdef USE_LZO
537073fd JY	235	/* LZO_x flags from lzo.h */
537073fd JY	236	unsigned int lzo;
6fbf66fa JY	237	#endif
	238
	239	/* buffer sizes */
	240	int rcvbuf;
	241	int sndbuf;
	242
00d39170 JY	243	/* socket flags */
	244	unsigned int sockflags;
	245
6fbf66fa JY	246	/* route management */
	247	const char *route_script;
	248	const char *route_default_gateway;
40ac3d7a	249	int route_default_metric;
6fbf66fa JY	250	bool route_noexec;
	251	int route_delay;
	252	int route_delay_window;
	253	bool route_delay_defined;
	254	struct route_option_list *routes;
3c7f2f55	255	bool route_nopull;
6fbf66fa	256
f214bb21 JY	257	#ifdef GENERAL_PROXY_SUPPORT
	258	struct auto_proxy_info *auto_proxy_info;
	259	#endif
	260
6fbf66fa JY	261	#ifdef ENABLE_HTTP_PROXY
	262	struct http_proxy_options *http_proxy_options;
	263	#endif
	264
	265	#ifdef ENABLE_SOCKS
	266	/* socks proxy */
	267	const char *socks_proxy_server;
	268	int socks_proxy_port;
	269	bool socks_proxy_retry;
	270	#endif
	271
	272	#ifdef ENABLE_OCC
	273	/* Enable options consistency check between peers */
	274	bool occ;
	275	#endif
	276
	277	#ifdef ENABLE_MANAGEMENT
	278	const char *management_addr;
	279	int management_port;
	280	const char *management_user_pass;
	281	int management_log_history_cache;
	282	int management_echo_buffer_size;
	283	int management_state_buffer_size;
8d33c060	284	const char *management_write_peer_info_file;
90efcacb JY	285
	286	/* Mask of MF_ values of manage.h */
	287	unsigned int management_flags;
6fbf66fa JY	288	#endif
	289
	290	#ifdef ENABLE_PLUGIN
	291	struct plugin_option_list *plugin_list;
	292	#endif
	293
	294	#ifdef USE_PTHREAD
	295	int n_threads;
	296	int nice_work;
	297	#endif
	298
	299	#if P2MP
	300
	301	#if P2MP_SERVER
	302	bool server_defined;
	303	in_addr_t server_network;
	304	in_addr_t server_netmask;
	305
3c7f2f55 JY	306	# define SF_NOPOOL (1<<0)
	307	unsigned int server_flags;
	308
6fbf66fa JY	309	bool server_bridge_defined;
	310	in_addr_t server_bridge_ip;
	311	in_addr_t server_bridge_netmask;
	312	in_addr_t server_bridge_pool_start;
	313	in_addr_t server_bridge_pool_end;
	314
	315	struct push_list *push_list;
	316	bool ifconfig_pool_defined;
	317	in_addr_t ifconfig_pool_start;
	318	in_addr_t ifconfig_pool_end;
	319	in_addr_t ifconfig_pool_netmask;
	320	const char *ifconfig_pool_persist_filename;
	321	int ifconfig_pool_persist_refresh_freq;
6fbf66fa JY	322	int real_hash_size;
	323	int virtual_hash_size;
	324	const char *client_connect_script;
	325	const char *client_disconnect_script;
	326	const char *learn_address_script;
	327	const char *tmp_dir;
	328	const char *client_config_dir;
	329	bool ccd_exclusive;
	330	bool disable;
	331	int n_bcast_buf;
	332	int tcp_queue_limit;
	333	struct iroute *iroutes;
	334	bool push_ifconfig_defined;
	335	in_addr_t push_ifconfig_local;
	336	in_addr_t push_ifconfig_remote_netmask;
3c7f2f55 JY	337	bool push_ifconfig_constraint_defined;
	338	in_addr_t push_ifconfig_constraint_network;
	339	in_addr_t push_ifconfig_constraint_netmask;
6fbf66fa JY	340	bool enable_c2c;
	341	bool duplicate_cn;
	342	int cf_max;
	343	int cf_per;
	344	int max_clients;
	345	int max_routes_per_client;
	346
	347	bool client_cert_not_required;
	348	bool username_as_common_name;
	349	const char *auth_user_pass_verify_script;
	350	bool auth_user_pass_verify_script_via_file;
6add6b2f JY	351	#if PORT_SHARE
	352	char *port_share_host;
	353	int port_share_port;
	354	#endif
6fbf66fa JY	355	#endif
	356
	357	bool client;
	358	bool pull; /* client pull of config options from server */
	359	const char *auth_user_pass_file;
	360	struct options_pre_pull *pre_pull;
	361
	362	int scheduled_exit_interval;
	363
	364	#endif
	365
	366	#ifdef USE_CRYPTO
	367	/* Cipher parms */
	368	const char *shared_secret_file;
c959fc74 JY	369	#if ENABLE_INLINE_FILES
	370	const char *shared_secret_file_inline;
	371	#endif
6fbf66fa JY	372	int key_direction;
	373	bool ciphername_defined;
	374	const char *ciphername;
	375	bool authname_defined;
	376	const char *authname;
	377	int keysize;
	378	const char *engine;
	379	bool replay;
	380	bool mute_replay_warnings;
	381	int replay_window;
	382	int replay_time;
	383	const char *packet_id_file;
	384	bool use_iv;
	385	bool test_crypto;
	386
	387	#ifdef USE_SSL
	388	/* TLS (control channel) parms */
	389	bool tls_server;
	390	bool tls_client;
	391	const char *ca_file;
e9c5e170	392	const char *ca_path;
6fbf66fa JY	393	const char *dh_file;
	394	const char *cert_file;
	395	const char *priv_key_file;
	396	const char *pkcs12_file;
	397	const char *cipher_list;
	398	const char *tls_verify;
	399	const char *tls_remote;
	400	const char *crl_file;
d40f2b20 JY	401
	402	#if ENABLE_INLINE_FILES
	403	const char *ca_file_inline;
	404	const char *cert_file_inline;
	405	char *priv_key_file_inline;
	406	const char *dh_file_inline;
	407	#endif
	408
6fbf66fa	409	int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */
411e89ae JY	410	unsigned remote_cert_ku[MAX_PARMS];
411e89ae JY	411	const char *remote_cert_eku;
bed73623 JY	412
bed73623 JY	413	#ifdef ENABLE_PKCS11
ce98fd24	414	const char *pkcs11_providers[MAX_PARMS];
718526e0	415	unsigned pkcs11_private_mode[MAX_PARMS];
18597b93 JY	416	bool pkcs11_protected_authentication[MAX_PARMS];
	417	bool pkcs11_cert_private[MAX_PARMS];
	418	int pkcs11_pin_cache_period;
ce98fd24	419	const char *pkcs11_id;
1bda73a7	420	bool pkcs11_id_management;
bed73623 JY	421	#endif
bed73623 JY	422
6fbf66fa JY	423	#ifdef WIN32
	424	const char *cryptoapi_cert;
	425	#endif
	426
	427	/* data channel key exchange method */
	428	int key_method;
	429
	430	/* Per-packet timeout on control channel */
	431	int tls_timeout;
	432
	433	/* Data channel key renegotiation parameters */
	434	int renegotiate_bytes;
	435	int renegotiate_packets;
	436	int renegotiate_seconds;
	437
	438	/* Data channel key handshake must finalize
	439	within n seconds of handshake initiation. */
	440	int handshake_window;
	441
	442	/* Old key allowed to live n seconds after new key goes active */
	443	int transition_window;
	444
	445	/* Special authentication MAC for TLS control channel */
	446	const char tls_auth_file; / shared secret */
c959fc74 JY	447	#if ENABLE_INLINE_FILES
	448	const char *tls_auth_file_inline;
	449	#endif
6fbf66fa JY	450
	451	/* Allow only one session */
	452	bool single_session;
	453
	454	bool tls_exit;
	455
	456	#endif /* USE_SSL */
	457	#endif /* USE_CRYPTO */
	458
	459	/* special state parms */
	460	int foreign_option_index;
	461
	462	#ifdef WIN32
	463	const char *exit_event_name;
	464	bool exit_event_initial_state;
	465	bool show_net_up;
	466	int route_method;
	467	#endif
	468	};
	469
	470	#define streq(x, y) (!strcmp((x), (y)))
	471
	472	/*
	473	* Option classes.
	474	*/
	475	#define OPT_P_GENERAL (1<<0)
	476	#define OPT_P_UP (1<<1)
	477	#define OPT_P_ROUTE (1<<2)
	478	#define OPT_P_IPWIN32 (1<<3)
	479	#define OPT_P_SCRIPT (1<<4)
	480	#define OPT_P_SETENV (1<<5)
	481	#define OPT_P_SHAPER (1<<6)
	482	#define OPT_P_TIMER (1<<7)
	483	#define OPT_P_PERSIST (1<<8)
	484	#define OPT_P_PERSIST_IP (1<<9)
	485	#define OPT_P_COMP (1<<10) /* TODO */
	486	#define OPT_P_MESSAGES (1<<11)
	487	#define OPT_P_CRYPTO (1<<12) /* TODO */
	488	#define OPT_P_TLS_PARMS (1<<13) /* TODO */
	489	#define OPT_P_MTU (1<<14) /* TODO */
	490	#define OPT_P_NICE (1<<15)
	491	#define OPT_P_PUSH (1<<16)
	492	#define OPT_P_INSTANCE (1<<17)
	493	#define OPT_P_CONFIG (1<<18)
	494	#define OPT_P_EXPLICIT_NOTIFY (1<<19)
	495	#define OPT_P_ECHO (1<<20)
	496	#define OPT_P_INHERIT (1<<21)
3c7f2f55 JY	497	#define OPT_P_ROUTE_EXTRAS (1<<22)
	498	#define OPT_P_PULL_MODE (1<<23)
	499	#define OPT_P_PLUGIN (1<<24)
00d39170 JY	500	#define OPT_P_SOCKBUF (1<<25)
00d39170 JY	501	#define OPT_P_SOCKFLAGS (1<<26)
6fbf66fa	502
3c7f2f55	503	#define OPT_P_DEFAULT (~(OPT_P_INSTANCE\|OPT_P_PULL_MODE))
6fbf66fa JY	504
	505	#if P2MP
	506	#define PULL_DEFINED(opt) ((opt)->pull)
	507	#if P2MP_SERVER
	508	#define PUSH_DEFINED(opt) ((opt)->push_list)
	509	#endif
	510	#endif
	511
	512	#ifndef PULL_DEFINED
	513	#define PULL_DEFINED(opt) (false)
	514	#endif
	515
	516	#ifndef PUSH_DEFINED
	517	#define PUSH_DEFINED(opt) (false)
	518	#endif
	519
	520	#ifdef WIN32
	521	#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
	522	#else
	523	#define ROUTE_OPTION_FLAGS(o) (0)
	524	#endif
	525
	526	#ifdef HAVE_GETTIMEOFDAY
	527	#define SHAPER_DEFINED(opt) ((opt)->shaper)
	528	#else
	529	#define SHAPER_DEFINED(opt) (false)
	530	#endif
	531
	532	#ifdef ENABLE_PLUGIN
	533	#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
	534	#else
	535	#define PLUGIN_OPTION_LIST(opt) (NULL)
	536	#endif
	537
90efcacb JY	538	#ifdef MANAGEMENT_DEF_AUTH
	539	#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
	540	#else
	541	#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
	542	#endif
	543
6fbf66fa JY	544	void parse_argv (struct options *options,
	545	const int argc,
	546	char *argv[],
	547	const int msglevel,
	548	const unsigned int permission_mask,
	549	unsigned int *option_types_found,
	550	struct env_set *es);
	551
	552	void notnull (const char arg, const char description);
	553
	554	void usage_small (void);
	555
	556	void init_options (struct options *o);
	557	void uninit_options (struct options *o);
	558
	559	void setenv_settings (struct env_set es, const struct options o);
	560	void show_settings (const struct options *o);
	561
	562	bool string_defined_equal (const char s1, const char s2);
	563
	564	#ifdef ENABLE_OCC
	565
	566	const char options_string_version (const char s, struct gc_arena *gc);
	567
	568	char options_string (const struct options o,
	569	const struct frame *frame,
	570	struct tuntap *tt,
	571	bool remote,
	572	struct gc_arena *gc);
	573
	574	int options_cmp_equal_safe (char actual, const char expected, size_t actual_n);
	575	void options_warning_safe (char actual, const char expected, size_t actual_n);
	576	int options_cmp_equal (char actual, const char expected);
	577	void options_warning (char actual, const char expected);
	578
	579	#endif
	580
	581	void options_postprocess (struct options *options, bool first_time);
	582
	583	void pre_pull_save (struct options *o);
	584	void pre_pull_restore (struct options *o);
	585
	586	bool apply_push_options (struct options *options,
	587	struct buffer *buf,
	588	unsigned int permission_mask,
	589	unsigned int *option_types_found,
	590	struct env_set *es);
	591
	592	bool is_persist_option (const struct options *o);
	593	bool is_stateful_restart (const struct options *o);
	594
	595	void options_detach (struct options *o);
	596
	597	void options_server_import (struct options *o,
	598	const char *filename,
	599	int msglevel,
	600	unsigned int permission_mask,
	601	unsigned int *option_types_found,
	602	struct env_set *es);
	603
	604	void pre_pull_default (struct options *o);
	605
	606	void rol_check_alloc (struct options *options);
	607
608	int parse_line (const char *line,
609	char *p[],
610	const int n,
611	const char *file,
612	const int line_num,
613	int msglevel,
614	struct gc_arena *gc);
615
3c7f2f55 JY	616	/*
	617	* parse/print topology coding
	618	*/
	619
	620	int parse_topology (const char *str, const int msglevel);
	621	const char *print_topology (const int topology);
	622
6fbf66fa JY	623	/*
	624	* Manage auth-retry variable
	625	*/
	626
	627	#if P2MP
	628
	629	#define AR_NONE 0
	630	#define AR_INTERACT 1
	631	#define AR_NOINTERACT 2
	632
	633	int auth_retry_get (void);
	634	bool auth_retry_set (const int msglevel, const char *option);
	635	const char *auth_retry_print (void);
	636
	637	#endif
	638
90efcacb	639	void options_string_import (struct options *options,
3c7f2f55 JY	640	const char *config,
	641	const int msglevel,
	642	const unsigned int permission_mask,
	643	unsigned int *option_types_found,
	644	struct env_set *es);
	645
	646	#endif