1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
564a2109 8 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
6fbf66fa
JY
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25/*
26 * 2004-01-28: Added Socks5 proxy support
27 * (Christof Meerwald, http://cmeerw.org)
28 */
29
30#ifndef OPTIONS_H
31#define OPTIONS_H
32
33#include "basic.h"
34#include "common.h"
35#include "mtu.h"
36#include "route.h"
37#include "tun.h"
38#include "socket.h"
39#include "plugin.h"
40#include "manage.h"
41#include "proxy.h"
38d96bd7 42#include "comp.h"
3eee126e 43#include "pushlist.h"
581bef87 44#include "clinat.h"
6fbf66fa
JY
45
/*
 * Maximum number of parameters associated with an option,
 * including the option name itself.
 *
 * NOTE(review): this constant also sizes fixed arrays in struct options
 * (remote_cert_ku and the pkcs11_* arrays), so any code that fills those
 * arrays from parsed input has to stop at MAX_PARMS entries.  The bound
 * check itself is not visible in this header -- confirm in options.c.
 */
#define MAX_PARMS 16

/*
 * Max size of options line and parameter.
 *
 * NOTE(review): both limits are 256 bytes.  How an over-long line or
 * parameter is handled (rejected, truncated, fatal error) is not shown
 * here -- confirm that the parser fails closed rather than silently
 * truncating a security-relevant value such as a path or cipher name.
 */
#define OPTION_PARM_SIZE 256
#define OPTION_LINE_SIZE 256
57
58extern const char title_string[];
59
60#if P2MP
61
6fbf66fa
JY
/*
 * certain options are saved before --pull modifications are applied
 *
 * Each *_defined flag is paired with the saved value that follows it.
 * tuntap_options is held by value; routes, routes_ipv6 and client_nat are
 * held as pointers, so what is preserved for those is whichever list the
 * pointer refers to.
 *
 * NOTE(review): presumably filled by pre_pull_save() and reapplied by
 * pre_pull_restore(), both declared later in this header.  Whether the
 * pointed-to lists are deep-copied is decided there, not here.  If the
 * restore step were skipped on a reconnect, settings pushed by the previous
 * server session would carry over into the next one -- verify the restart
 * path in options.c.
 */
struct options_pre_pull
{
  bool tuntap_options_defined;
  struct tuntap_options tuntap_options;

  bool routes_defined;
  struct route_option_list *routes;

  bool routes_ipv6_defined;
  struct route_ipv6_option_list *routes_ipv6;

  bool client_nat_defined;
  struct client_nat_option_list *client_nat;

  int foreign_option_index;
};
79
253329a8 80#endif
86d8cd68
SK
81#if defined(ENABLE_CRYPTO) && !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
82# error "At least one of OpenSSL or mbed TLS needs to be defined."
6fbf66fa
JY
83#endif
84
4e9a51d7
JY
/*
 * Settings for one connection: transport protocol and address family,
 * local/remote endpoint strings, HTTP and SOCKS proxy settings, MTU and
 * fragmentation parameters, and a flags word built from the CE_* constants
 * defined inside the struct.
 *
 * All string members are borrowed pointers; this header does not show who
 * owns or frees them.
 */
struct connection_entry
{
  int proto;
  sa_family_t af;
  const char* local_port;
  bool local_port_defined;
  const char *remote_port;
  const char *local;
  const char *remote;
  /* NOTE(review): presumably --float (peer address may change while the
   * session stays up); if so, packet authentication is the only thing
   * binding traffic to the peer -- confirm. */
  bool remote_float;
  bool bind_defined;
  bool bind_ipv6_only;
  bool bind_local;
  int connect_retry_seconds;
  int connect_retry_seconds_max;
  int connect_timeout;
  struct http_proxy_options *http_proxy_options;
  const char *socks_proxy_server;
  const char *socks_proxy_port;
  /* NOTE(review): by its name a file holding SOCKS proxy credentials; the
   * path is read later, so file permissions matter -- confirm where it is
   * opened. */
  const char *socks_proxy_authfile;

  int tun_mtu;              /* MTU of tun device */
  bool tun_mtu_defined;     /* true if user overriding parm with command line option */
  int tun_mtu_extra;
  bool tun_mtu_extra_defined;
  int link_mtu;             /* MTU of device over which tunnel packets pass via TCP/UDP */
  bool link_mtu_defined;    /* true if user overriding parm with command line option */

  /* Advanced MTU negotiation and datagram fragmentation options */
  int mtu_discover_type;    /* used if OS supports setting Path MTU discovery options on socket */

  int fragment;             /* internal fragmentation size */
  int mssfix;               /* Upper bound on TCP MSS */
  bool mssfix_default;      /* true if --mssfix was supplied without a parameter */

  int explicit_exit_notification;  /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */

  /*
   * Bits and sub-field stored in flags.  CE_DISABLED and CE_MAN_QUERY_PROXY
   * are single bits (0 and 1).  The CE_MAN_QUERY_REMOTE_* values run 0..4,
   * which fits the 3-bit mask 0x07; with a shift of 2 that field would sit
   * in bits 2-4, clear of the two single-bit flags.
   * NOTE(review): the encode/decode expressions are not in this header --
   * presumably (flags >> SHIFT) & MASK; confirm at the use sites.
   */
# define CE_DISABLED (1<<0)
# define CE_MAN_QUERY_PROXY (1<<1)
# define CE_MAN_QUERY_REMOTE_UNDEF 0
# define CE_MAN_QUERY_REMOTE_QUERY 1
# define CE_MAN_QUERY_REMOTE_ACCEPT 2
# define CE_MAN_QUERY_REMOTE_MOD 3
# define CE_MAN_QUERY_REMOTE_SKIP 4
# define CE_MAN_QUERY_REMOTE_MASK (0x07)
# define CE_MAN_QUERY_REMOTE_SHIFT (2)
  unsigned int flags;
};
133
/*
 * One remote target: host and port as strings, plus the transport protocol
 * and address family to use for it.
 *
 * NOTE(review): presumably one entry per configured remote; the strings are
 * borrowed pointers and are resolved elsewhere -- confirm ownership in
 * options.c.
 */
struct remote_entry
{
  const char *remote;
  const char *remote_port;
  int proto;
  sa_family_t af;
};
141
4e9a51d7
JY
/* Capacity of the fixed pointer arrays in connection_list and remote_list. */
#define CONNECTION_LIST_SIZE 64

/*
 * Fixed-capacity list of connection entries.
 *
 * len and current are signed ints used against an array of exactly
 * CONNECTION_LIST_SIZE pointers.  Code that appends must reject
 * len >= CONNECTION_LIST_SIZE, and code that indexes with current must keep
 * it in [0, len); neither check is visible in this header -- confirm in
 * options.c.
 */
struct connection_list
{
  int len;      /* presumably the number of array slots in use -- confirm */
  int current;  /* presumably the index of the entry being tried -- confirm */
  struct connection_entry *array[CONNECTION_LIST_SIZE];
};
150
/*
 * Fixed-capacity list of remote entries, sized by CONNECTION_LIST_SIZE.
 *
 * As with connection_list, len is a signed int and the array has a hard
 * upper bound; the code that appends entries must check len against
 * CONNECTION_LIST_SIZE before writing (check not visible here -- confirm).
 */
struct remote_list
{
  int len;
  struct remote_entry *array[CONNECTION_LIST_SIZE];
};
156
54561af6
JY
/*
 * Fixed-size storage for a remote host name and port string.
 *
 * host holds at most RH_HOST_LEN - 1 characters and port at most
 * RH_PORT_LEN - 1 characters if they are to stay NUL-terminated.  Every
 * writer must pass these sizes to a bounded copy and guarantee termination.
 *
 * NOTE(review): the CE_MAN_QUERY_REMOTE_MOD constant in connection_entry
 * suggests the contents can come from the management interface, which
 * would make them externally supplied input -- confirm the writer and its
 * handling of over-long values.
 */
struct remote_host_store
{
# define RH_HOST_LEN 80
  char host[RH_HOST_LEN];
#define RH_PORT_LEN 20
  char port[RH_PORT_LEN];
};
54561af6 164
6fbf66fa
JY
/*
 * Command line options
 *
 * Single aggregate holding the parsed configuration.  Members inside
 * #if/#ifdef blocks exist only in builds with that feature enabled, so the
 * layout of this struct depends on build configuration.
 *
 * String members are pointers only; this header does not show who owns
 * them.  The NOTE(review) comments below mark members that matter for a
 * security review; where they state semantics not spelled out by an
 * existing comment, treat them as assumptions to confirm in options.c.
 */
struct options
{
  struct gc_arena gc;
  bool gc_owned;

  /* first config file */
  const char *config;

  /* major mode */
# define MODE_POINT_TO_POINT 0
# define MODE_SERVER 1
  int mode;

  /* enable forward compatibility for post-2.1 features */
  bool forward_compatible;
  /* list of options that should be ignored even if unknown */
  /* NOTE(review): no length member accompanies this array -- presumably
   * NULL-terminated; confirm.  Ignoring unknown options means a misspelled
   * hardening directive can be dropped without failing startup. */
  const char ** ignore_unknown_option;

  /* persist parms */
  bool persist_config;
  int persist_mode;

#ifdef ENABLE_CRYPTO
  /* NOTE(review): by its name the source of the private-key passphrase;
   * if it is a file path the secret sits on disk -- confirm how it is read
   * and that permissions are documented. */
  const char *key_pass_file;
  bool show_ciphers;
  bool show_digests;
  bool show_engines;
  bool show_tls_ciphers;
  bool show_curves;
  bool genkey;
#endif

  /* Networking parms */
  int connect_retry_max;
  struct connection_entry ce;
  struct connection_list *connection_list;

  struct remote_list *remote_list;
  /* Do not advance the connection or remote addr list */
  bool no_advance;
  /* Counts the number of unsuccessful connection attempts */
  unsigned int unsuccessful_attempts;

#if ENABLE_MANAGEMENT
  struct http_proxy_options *http_proxy_override;
#endif

  struct remote_host_store *rh_store;

  bool remote_random;
  /* NOTE(review): ipchange presumably names an external command run on
   * peer address change, like the *_script members -- confirm. */
  const char *ipchange;
  const char *dev;
  const char *dev_type;
  const char *dev_node;
  const char *lladdr;
  int topology; /* one of the TOP_x values from proto.h */
  const char *ifconfig_local;
  const char *ifconfig_remote_netmask;
  const char *ifconfig_ipv6_local;
  int ifconfig_ipv6_netbits;
  const char *ifconfig_ipv6_remote;
  bool ifconfig_noexec;
  bool ifconfig_nowarn;
#ifdef ENABLE_FEATURE_SHAPER
  int shaper;
#endif

  int proto_force;

#ifdef ENABLE_OCC
  bool mtu_test;
#endif

#ifdef ENABLE_MEMSTATS
  char *memstats_fn;
#endif

  /* NOTE(review): presumably requests locking process memory so key
   * material is not written to swap -- confirm. */
  bool mlock;

  int keepalive_ping;           /* a proxy for ping/ping-restart */
  int keepalive_timeout;

  int inactivity_timeout;       /* --inactive */
  int inactivity_minimum_bytes;

  int ping_send_timeout;        /* Send a TCP/UDP ping to remote every n seconds */
  int ping_rec_timeout;         /* Expect a TCP/UDP ping from remote at least once every n seconds */
  bool ping_timer_remote;       /* Run ping timer only if we have a remote address */

# define PING_UNDEF 0
# define PING_EXIT 1
# define PING_RESTART 2
  int ping_rec_timeout_action;  /* What action to take on ping_rec_timeout (exit or restart)? */

  bool persist_tun;             /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
  bool persist_local_ip;        /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
  bool persist_remote_ip;       /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
  bool persist_key;             /* Don't re-read key files on SIGUSR1 or PING_RESTART */

#if PASSTOS_CAPABILITY
  bool passtos;
#endif

  int resolve_retry_seconds;    /* If hostname resolve fails, retry for n seconds */
  bool resolve_in_advance;
  const char *ip_remote_hint;

  struct tuntap_options tuntap_options;

  /* Misc parms */
  /* NOTE(review): username, groupname and chroot_dir look like the
   * privilege-drop targets (user, group, chroot directory).  If they are
   * left unset the process presumably keeps the privileges it started
   * with -- confirm, and check the interaction with persist_tun and
   * persist_key, which avoid re-opening resources after a restart. */
  const char *username;
  const char *groupname;
  const char *chroot_dir;
  const char *cd_dir;
#ifdef ENABLE_SELINUX
  char *selinux_context;
#endif
  const char *writepid;
  /* NOTE(review): up_script, down_script and the other *_script members of
   * this struct appear to name external commands.  user_script_used
   * presumably records that at least one was configured so that a script
   * execution policy can be enforced -- confirm that every script member
   * sets it. */
  const char *up_script;
  const char *down_script;
  bool user_script_used;
  bool down_pre;
  bool up_delay;
  bool up_restart;
  bool daemon;

  int remap_sigusr1;

  /* inetd modes defined in socket.h */
  int inetd;

  bool log;
  bool suppress_timestamps;
  bool machine_readable_output;
  int nice;
  int verbosity;
  int mute;

#ifdef ENABLE_DEBUG
  int gremlin;
#endif

  const char *status_file;
  int status_file_version;
  int status_file_update_freq;

  /* optimize TUN/TAP/UDP writes */
  bool fast_io;

#ifdef USE_COMP
  struct compress_options comp;
#endif

  /* buffer sizes */
  int rcvbuf;
  int sndbuf;

  /* mark value */
  int mark;

  /* socket flags */
  unsigned int sockflags;

  /* route management */
  const char *route_script;
  const char *route_predown_script;
  const char *route_default_gateway;
  int route_default_metric;
  bool route_noexec;
  int route_delay;
  int route_delay_window;
  bool route_delay_defined;
  struct route_option_list *routes;
  struct route_ipv6_option_list *routes_ipv6;   /* IPv6 */
  /* NOTE(review): route_nopull, allow_pull_fqdn, pull and pull_filter_list
   * (further down) all bear on how much of the configuration the remote
   * server may set.  Pushed options are remote input; presumably they are
   * also restricted by the permission_mask passed to apply_push_options()
   * -- confirm. */
  bool route_nopull;
  bool route_gateway_via_dhcp;
  bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
  struct client_nat_option_list *client_nat;

#ifdef ENABLE_OCC
  /* Enable options consistency check between peers */
  bool occ;
#endif

#ifdef ENABLE_MANAGEMENT
  /* NOTE(review): management_addr and management_port presumably define
   * where the management interface listens, and management_user_pass a
   * password source for it.  Confirm what happens when no password is
   * configured and the address is not local. */
  const char *management_addr;
  const char *management_port;
  const char *management_user_pass;
  int management_log_history_cache;
  int management_echo_buffer_size;
  int management_state_buffer_size;
  const char *management_write_peer_info_file;

  const char *management_client_user;
  const char *management_client_group;

  /* Mask of MF_ values of manage.h */
  unsigned int management_flags;
  const char *management_certificate;
#endif

#ifdef ENABLE_PLUGIN
  struct plugin_option_list *plugin_list;
#endif



#if P2MP

#if P2MP_SERVER
  /* the tmp dir is for now only used in the P2P server context */
  /* NOTE(review): this member is guarded by P2MP_SERVER, so "P2P" above
   * probably refers to the point-to-multipoint server.  A temporary
   * directory used by a server process should not be writable by other
   * users -- confirm what is written there. */
  const char *tmp_dir;
  bool server_defined;
  in_addr_t server_network;
  in_addr_t server_netmask;
  bool server_ipv6_defined;                             /* IPv6 */
  struct in6_addr server_network_ipv6;                  /* IPv6 */
  unsigned int server_netbits_ipv6;                     /* IPv6 */

# define SF_NOPOOL (1<<0)
# define SF_TCP_NODELAY_HELPER (1<<1)
# define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
  unsigned int server_flags;

  bool server_bridge_proxy_dhcp;

  bool server_bridge_defined;
  in_addr_t server_bridge_ip;
  in_addr_t server_bridge_netmask;
  in_addr_t server_bridge_pool_start;
  in_addr_t server_bridge_pool_end;

  /* Held by value, not as a pointer. */
  struct push_list push_list;
  bool ifconfig_pool_defined;
  in_addr_t ifconfig_pool_start;
  in_addr_t ifconfig_pool_end;
  in_addr_t ifconfig_pool_netmask;
  const char *ifconfig_pool_persist_filename;
  int ifconfig_pool_persist_refresh_freq;

  bool ifconfig_ipv6_pool_defined;                      /* IPv6 */
  struct in6_addr ifconfig_ipv6_pool_base;              /* IPv6 */
  int ifconfig_ipv6_pool_netbits;                       /* IPv6 */

  int real_hash_size;
  int virtual_hash_size;
  const char *client_connect_script;
  const char *client_disconnect_script;
  const char *learn_address_script;
  const char *client_config_dir;
  bool ccd_exclusive;
  bool disable;
  int n_bcast_buf;
  int tcp_queue_limit;
  struct iroute *iroutes;
  struct iroute_ipv6 *iroutes_ipv6;                     /* IPv6 */
  bool push_ifconfig_defined;
  in_addr_t push_ifconfig_local;
  in_addr_t push_ifconfig_remote_netmask;
  in_addr_t push_ifconfig_local_alias;
  bool push_ifconfig_constraint_defined;
  in_addr_t push_ifconfig_constraint_network;
  in_addr_t push_ifconfig_constraint_netmask;
  bool push_ifconfig_ipv6_defined;                      /* IPv6 */
  struct in6_addr push_ifconfig_ipv6_local;             /* IPv6 */
  int push_ifconfig_ipv6_netbits;                       /* IPv6 */
  struct in6_addr push_ifconfig_ipv6_remote;            /* IPv6 */
  bool push_ifconfig_ipv6_blocked;                      /* IPv6 */
  /* NOTE(review): enable_c2c presumably permits client-to-client
   * forwarding inside the server, and duplicate_cn presumably permits
   * several sessions with the same certificate common name; both widen
   * what an authenticated client can do -- confirm defaults. */
  bool enable_c2c;
  bool duplicate_cn;
  /* NOTE(review): cf_max/cf_per, max_clients, max_routes_per_client and
   * tcp_queue_limit look like resource limits for the server -- confirm
   * which of them default to "unlimited". */
  int cf_max;
  int cf_per;
  int max_clients;
  int max_routes_per_client;
  int stale_routes_check_interval;
  int stale_routes_ageing_time;

  /* NOTE(review): the verify script receives client credentials;
   * auth_user_pass_verify_script_via_file presumably selects a temporary
   * file (see tmp_dir) as the transport -- confirm how that file is
   * created and removed. */
  const char *auth_user_pass_verify_script;
  bool auth_user_pass_verify_script_via_file;
  bool auth_token_generate;
  unsigned int auth_token_lifetime;
#if PORT_SHARE
  char *port_share_host;
  char *port_share_port;
  const char *port_share_journal_dir;
#endif
#endif

  bool client;
  bool pull;   /* client pull of config options from server */
  int push_continuation;
  unsigned int push_option_types_found;
  /* NOTE(review): by its name a file holding a username/password pair --
   * a secret on disk; confirm how it is read. */
  const char *auth_user_pass_file;
  struct options_pre_pull *pre_pull;

  int scheduled_exit_interval;

#ifdef ENABLE_CLIENT_CR
  struct static_challenge_info sc_info;
#endif
#endif

#ifdef ENABLE_CRYPTO
  /* Cipher parms */
  /* NOTE(review): each X_file member here and in the TLS section has an
   * X_inline twin, which suggests the inline variant carries the file
   * contents themselves.  If so, key material is reachable through this
   * struct for as long as the pointer is live; whether it is wiped after
   * use is not visible in this header -- confirm. */
  const char *shared_secret_file;
  const char *shared_secret_file_inline;
  int key_direction;
  const char *ciphername;
  bool ncp_enabled;
  const char *ncp_ciphers;
  const char *authname;
  int keysize;
  const char *prng_hash;
  int prng_nonce_secret_len;
  const char *engine;
  /* NOTE(review): replay and use_iv read as enable flags for replay
   * protection and per-packet IVs, and test_crypto as a self-test mode.
   * Clearing either of the first two would weaken the data channel --
   * confirm the defaults set by init_options() and which options clear
   * them. */
  bool replay;
  bool mute_replay_warnings;
  int replay_window;
  int replay_time;
  const char *packet_id_file;
  bool use_iv;
  bool test_crypto;
#ifdef ENABLE_PREDICTION_RESISTANCE
  bool use_prediction_resistance;
#endif

  /* TLS (control channel) parms */
  bool tls_server;
  bool tls_client;
  const char *ca_file;
  const char *ca_path;
  const char *dh_file;
  const char *cert_file;
  const char *extra_certs_file;
  const char *priv_key_file;
  const char *pkcs12_file;
  const char *cipher_list;
  const char *ecdh_curve;
  const char *tls_verify;
  int verify_x509_type;
  const char *verify_x509_name;
  const char *tls_export_cert;
  const char *crl_file;

  const char *ca_file_inline;
  const char *cert_file_inline;
  const char *extra_certs_file_inline;
  const char *crl_file_inline;
  /* NOTE(review): the only non-const member of the inline group; the
   * reason is not visible here (possibly so the buffer can be modified or
   * cleared) -- confirm. */
  char *priv_key_file_inline;
  const char *dh_file_inline;
  const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */

  /* NOTE(review): ns_cert_type, remote_cert_ku, remote_cert_eku,
   * verify_x509_name, tls_verify and verify_hash all look like additional
   * peer-certificate checks.  With none of them set, peer identity
   * presumably rests on CA chain validation alone -- confirm. */
  int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
  unsigned remote_cert_ku[MAX_PARMS];   /* fixed capacity: writers must stop at MAX_PARMS */
  const char *remote_cert_eku;
  /* NOTE(review): pointer only, no length member -- the digest size must
   * be fixed by convention elsewhere; confirm both writer and reader agree
   * on it. */
  uint8_t *verify_hash;
  unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */

#ifdef ENABLE_PKCS11
  /* The four arrays below share the MAX_PARMS capacity; presumably they are
   * indexed in parallel, one slot per provider -- confirm. */
  const char *pkcs11_providers[MAX_PARMS];
  unsigned pkcs11_private_mode[MAX_PARMS];
  bool pkcs11_protected_authentication[MAX_PARMS];
  bool pkcs11_cert_private[MAX_PARMS];
  int pkcs11_pin_cache_period;
  const char *pkcs11_id;
  bool pkcs11_id_management;
#endif

#ifdef ENABLE_CRYPTOAPI
  const char *cryptoapi_cert;
#endif

  /* data channel key exchange method */
  int key_method;

  /* Per-packet timeout on control channel */
  int tls_timeout;

  /* Data channel key renegotiation parameters */
  int renegotiate_bytes;
  int renegotiate_packets;
  int renegotiate_seconds;

  /* Data channel key handshake must finalize
     within n seconds of handshake initiation. */
  int handshake_window;

#ifdef ENABLE_X509ALTUSERNAME
  /* Field used to be the username in X509 cert. */
  char *x509_username_field;
#endif

  /* Old key allowed to live n seconds after new key goes active */
  int transition_window;

  /* Shared secret used for TLS control channel authentication */
  const char *tls_auth_file;
  const char *tls_auth_file_inline;

  /* Shared secret used for TLS control channel authenticated encryption */
  const char *tls_crypt_file;
  const char *tls_crypt_inline;

  /* Allow only one session */
  bool single_session;

#ifdef ENABLE_PUSH_PEER_INFO
  bool push_peer_info;
#endif

  bool tls_exit;

#endif /* ENABLE_CRYPTO */

  const struct x509_track *x509_track;

  /* special state parms */
  int foreign_option_index;

#ifdef _WIN32
  HANDLE msg_channel;
  const char *exit_event_name;
  bool exit_event_initial_state;
  bool show_net_up;
  int route_method;
  /* NOTE(review): presumably blocks DNS queries outside the tunnel on
   * Windows to prevent DNS leaks -- confirm. */
  bool block_outside_dns;
#endif

  bool use_peer_id;
  uint32_t peer_id;

#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000
  /* Keying Material Exporters [RFC 5705] */
  const char *keying_material_exporter_label;
  int keying_material_exporter_length;
#endif

  struct pull_filter_list *pull_filter_list;

  /* Useful when packets sent by openvpn itself are not subject
     to the routing tables that would move packets into the tunnel. */
  bool allow_recursive_routing;
};
609
610#define streq(x, y) (!strcmp((x), (y)))
611
/*
 * Option classes.
 *
 * One bit per class, bits 0 through 28.  The parsing and import functions
 * declared in this header take an `unsigned int permission_mask` and report
 * an `unsigned int *option_types_found`; presumably both are masks of these
 * bits, with an option accepted only if its class bit is set in the
 * permission mask -- confirm in options.c.
 *
 * Review notes:
 *  - The constants are plain int expressions.  A future class at bit 31
 *    would need an unsigned literal, because shifting 1 into the sign bit
 *    of an int is undefined.
 *  - OPT_P_DEFAULT is the complement of two bits, so it also has the
 *    currently unassigned bits 29-31 set.  Any class added later is
 *    therefore permitted by OPT_P_DEFAULT unless it is excluded explicitly.
 */
#define OPT_P_GENERAL         (1<<0)
#define OPT_P_UP              (1<<1)
#define OPT_P_ROUTE           (1<<2)
#define OPT_P_IPWIN32         (1<<3)
#define OPT_P_SCRIPT          (1<<4)
#define OPT_P_SETENV          (1<<5)
#define OPT_P_SHAPER          (1<<6)
#define OPT_P_TIMER           (1<<7)
#define OPT_P_PERSIST         (1<<8)
#define OPT_P_PERSIST_IP      (1<<9)
#define OPT_P_COMP            (1<<10) /* TODO */
#define OPT_P_MESSAGES        (1<<11)
#define OPT_P_NCP             (1<<12) /**< Negotiable crypto parameters */
#define OPT_P_TLS_PARMS       (1<<13) /* TODO */
#define OPT_P_MTU             (1<<14) /* TODO */
#define OPT_P_NICE            (1<<15)
#define OPT_P_PUSH            (1<<16)
#define OPT_P_INSTANCE        (1<<17)
#define OPT_P_CONFIG          (1<<18)
#define OPT_P_EXPLICIT_NOTIFY (1<<19)
#define OPT_P_ECHO            (1<<20)
#define OPT_P_INHERIT         (1<<21)
#define OPT_P_ROUTE_EXTRAS    (1<<22)
#define OPT_P_PULL_MODE       (1<<23)
#define OPT_P_PLUGIN          (1<<24)
#define OPT_P_SOCKBUF         (1<<25)
#define OPT_P_SOCKFLAGS       (1<<26)
#define OPT_P_CONNECTION      (1<<27)
#define OPT_P_PEER_ID         (1<<28)

/* Every class except OPT_P_INSTANCE and OPT_P_PULL_MODE. */
#define OPT_P_DEFAULT   (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
6fbf66fa
JY
646
/*
 * Feature-test accessors.  Each macro reads a member of struct options when
 * the corresponding feature is compiled in, and otherwise expands to a
 * constant (false, 0 or NULL), so callers need no #ifdef of their own.
 */
#if P2MP
#define PULL_DEFINED(opt) ((opt)->pull)
#if P2MP_SERVER
/*
 * NOTE(review): struct options declares `struct push_list push_list;` by
 * value, so this expands to a struct expression rather than a scalar and
 * cannot be used directly as a condition.  Presumably the macro has no
 * remaining users -- confirm, then either drop it or test a member of
 * struct push_list instead.
 */
#define PUSH_DEFINED(opt) ((opt)->push_list)
#endif
#endif

#ifndef PULL_DEFINED
#define PULL_DEFINED(opt) (false)
#endif

#ifndef PUSH_DEFINED
#define PUSH_DEFINED(opt) (false)
#endif

#ifdef _WIN32
/* ROUTE_METHOD_MASK is not defined in this header. */
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

#ifdef ENABLE_FEATURE_SHAPER
/* Yields the int shaper value itself, so any nonzero value counts as set. */
#define SHAPER_DEFINED(opt) ((opt)->shaper)
#else
#define SHAPER_DEFINED(opt) (false)
#endif

#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif

#ifdef MANAGEMENT_DEF_AUTH
/*
 * Yields the masked flag bits, not 0/1: use it as a truth value and do not
 * compare it with `true`.
 * NOTE(review): management_flags is declared under ENABLE_MANAGEMENT in
 * struct options, while this macro is guarded by MANAGEMENT_DEF_AUTH --
 * presumably the latter implies the former; confirm.
 */
#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
#else
#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
#endif
685
6fbf66fa
JY
686void parse_argv (struct options *options,
687 const int argc,
688 char *argv[],
689 const int msglevel,
690 const unsigned int permission_mask,
691 unsigned int *option_types_found,
692 struct env_set *es);
693
694void notnull (const char *arg, const char *description);
695
696void usage_small (void);
697
5b17803e
JY
698void show_library_versions(const unsigned int flags);
699
445b192a 700#ifdef _WIN32
cdc65ea0
LS
701void show_windows_version(const unsigned int flags);
702#endif
703
4e9a51d7 704void init_options (struct options *o, const bool init_gc);
6fbf66fa
JY
705void uninit_options (struct options *o);
706
707void setenv_settings (struct env_set *es, const struct options *o);
708void show_settings (const struct options *o);
709
710bool string_defined_equal (const char *s1, const char *s2);
711
712#ifdef ENABLE_OCC
713
714const char *options_string_version (const char* s, struct gc_arena *gc);
715
716char *options_string (const struct options *o,
717 const struct frame *frame,
718 struct tuntap *tt,
719 bool remote,
720 struct gc_arena *gc);
721
bb564a59 722bool options_cmp_equal_safe (char *actual, const char *expected, size_t actual_n);
6fbf66fa 723void options_warning_safe (char *actual, const char *expected, size_t actual_n);
bb564a59 724bool options_cmp_equal (char *actual, const char *expected);
6fbf66fa
JY
725void options_warning (char *actual, const char *expected);
726
727#endif
728
6e5ad2fa
SK
729/**
730 * Given an OpenVPN options string, extract the value of an option.
731 *
732 * @param options_string Zero-terminated, comma-separated options string
733 * @param opt_name The name of the option to extract
734 * @param gc The gc to allocate the return value
735 *
736 * @return gc-allocated value of option with name opt_name if option was found,
737 * or NULL otherwise.
738 */
739char *options_string_extract_option (const char *options_string,
740 const char *opt_name, struct gc_arena *gc);
741
742
4e9a51d7 743void options_postprocess (struct options *options);
6fbf66fa
JY
744
745void pre_pull_save (struct options *o);
d0085293 746void pre_pull_restore (struct options *o, struct gc_arena *gc);
6fbf66fa
JY
747
748bool apply_push_options (struct options *options,
749 struct buffer *buf,
750 unsigned int permission_mask,
751 unsigned int *option_types_found,
752 struct env_set *es);
753
6fbf66fa
JY
754void options_detach (struct options *o);
755
756void options_server_import (struct options *o,
757 const char *filename,
758 int msglevel,
759 unsigned int permission_mask,
760 unsigned int *option_types_found,
761 struct env_set *es);
762
763void pre_pull_default (struct options *o);
764
765void rol_check_alloc (struct options *options);
766
767int parse_line (const char *line,
768 char *p[],
769 const int n,
770 const char *file,
771 const int line_num,
772 int msglevel,
773 struct gc_arena *gc);
774
3c7f2f55
JY
775/*
776 * parse/print topology coding
777 */
778
779int parse_topology (const char *str, const int msglevel);
780const char *print_topology (const int topology);
781
6fbf66fa
JY
782/*
783 * Manage auth-retry variable
784 */
785
786#if P2MP
787
788#define AR_NONE 0
789#define AR_INTERACT 1
790#define AR_NOINTERACT 2
791
792int auth_retry_get (void);
793bool auth_retry_set (const int msglevel, const char *option);
794const char *auth_retry_print (void);
795
796#endif
797
90efcacb 798void options_string_import (struct options *options,
3c7f2f55
JY
799 const char *config,
800 const int msglevel,
801 const unsigned int permission_mask,
802 unsigned int *option_types_found,
803 struct env_set *es);
804
512cda46 805bool get_ipv6_addr( const char * prefix_str, struct in6_addr *network,
4f19cd1d 806 unsigned int * netbits, int msglevel );
512cda46 807
4e9a51d7 808
3c7f2f55 809#endif