git.ipfire.org Git - thirdparty/openvpn.git/blame - src/openvpn/options.h
Added support for new PolarSSL 1.1 RNG
6fbf66fa
JY
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
564a2109 8 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
6fbf66fa
JY
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25/*
26 * 2004-01-28: Added Socks5 proxy support
27 * (Christof Meerwald, http://cmeerw.org)
28 */
29
30#ifndef OPTIONS_H
31#define OPTIONS_H
32
33#include "basic.h"
34#include "common.h"
35#include "mtu.h"
36#include "route.h"
37#include "tun.h"
38#include "socket.h"
39#include "plugin.h"
40#include "manage.h"
41#include "proxy.h"
537073fd 42#include "lzo.h"
3eee126e 43#include "pushlist.h"
581bef87 44#include "clinat.h"
6fbf66fa
JY
45
46/*
47 * Maximum number of parameters associated with an option,
48 * including the option name itself.
49 */
50#define MAX_PARMS 16 /* also the length of remote_cert_ku[] and the pkcs11_*[] arrays in struct options */
51
52/*
53 * Max size of options line and parameter.
54 */
/* NOTE(review): presumably byte counts that include the terminating NUL --
 * confirm against the parser before sizing or filling buffers from these. */
55#define OPTION_PARM_SIZE 256
56#define OPTION_LINE_SIZE 256
57
58extern const char title_string[];
59
60#if P2MP
61
6fbf66fa
JY
/*
 * Snapshot of the option groups that a --pull can modify: tuntap options,
 * IPv4 and IPv6 route lists, the client NAT list (ENABLE_CLIENT_NAT only)
 * and foreign_option_index.  Each group carries its own *_defined flag.
 * NOTE(review): presumably filled by pre_pull_save() and re-applied by
 * pre_pull_restore(), so that values pushed by a server do not outlive the
 * session that pushed them -- confirm in the implementation.
 */
62/* certain options are saved before --pull modifications are applied */
63struct options_pre_pull
64{
65 bool tuntap_options_defined;
66 struct tuntap_options tuntap_options;
67
68 bool routes_defined;
673f583f 69 struct route_option_list *routes;
6fbf66fa 70
91402236
GD
71 bool routes_ipv6_defined;
72 struct route_ipv6_option_list *routes_ipv6;
73
581bef87
JY
74#ifdef ENABLE_CLIENT_NAT
75 bool client_nat_defined;
76 struct client_nat_option_list *client_nat;
77#endif
78
6fbf66fa
JY
79 int foreign_option_index;
80};
81
253329a8 82#endif
9b33b5a4 83#if defined(ENABLE_CRYPTO) && !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_POLARSSL)
253329a8 84# error "At least one of OpenSSL or PolarSSL needs to be defined."
6fbf66fa
JY
85#endif
86
4e9a51d7
JY
/*
 * Per-connection settings: protocol, local/remote endpoints, retry and
 * timeout values, optional HTTP/SOCKS proxy settings, MTU/fragmentation
 * parameters and a flags word built from the CE_* defines below.
 * struct options embeds one of these (ce) and struct connection_list
 * holds an array of pointers to them.
 */
87struct connection_entry
88{
89 int proto;
90 int local_port;
91 bool local_port_defined;
92 int remote_port;
93 bool port_option_used;
94 const char *local;
95 const char *remote;
96 bool remote_float;
97 bool bind_defined;
98 bool bind_local;
99 int connect_retry_seconds;
100 bool connect_retry_defined;
101 int connect_retry_max;
102 int connect_timeout;
103 bool connect_timeout_defined;
104#ifdef ENABLE_HTTP_PROXY
105 struct http_proxy_options *http_proxy_options;
106#endif
107#ifdef ENABLE_SOCKS
108 const char *socks_proxy_server;
109 int socks_proxy_port;
fc1fa9ff 110 const char *socks_proxy_authfile; /* NOTE(review): presumably a path to a file with SOCKS credentials -- confirm; treat the file as sensitive */
4e9a51d7
JY
111 bool socks_proxy_retry;
112#endif
3cf6c932 113
76809cae
JJK
114 int tun_mtu; /* MTU of tun device */
115 bool tun_mtu_defined; /* true if user overriding parm with command line option */
116 int tun_mtu_extra;
117 bool tun_mtu_extra_defined;
118 int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
119 bool link_mtu_defined; /* true if user overriding parm with command line option */
120
121 /* Advanced MTU negotiation and datagram fragmentation options */
122 int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
123
124 int fragment; /* internal fragmentation size */
125 int mssfix; /* Upper bound on TCP MSS */
126 bool mssfix_default; /* true if --mssfix was supplied without a parameter */
127
128#ifdef ENABLE_OCC
129 int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT message */
130#endif
131
 /* Values for the flags member declared at the end of this struct. */
3cf6c932
JY
132# define CE_DISABLED (1<<0)
133#if HTTP_PROXY_FALLBACK
134# define CE_HTTP_PROXY_FALLBACK (1<<1)
135 time_t ce_http_proxy_fallback_timestamp; /* time when fallback http_proxy_options was last updated */
136#endif
54561af6
JY
137#if MANAGEMENT_QUERY_REMOTE
 /* NOTE(review): with MASK 0x07 and SHIFT 2 these states presumably live
  * in bits 2..4 of flags, next to the single-bit CE_* values -- confirm
  * how the accessor shifts and masks. */
138# define CE_MAN_QUERY_REMOTE_UNDEF 0
139# define CE_MAN_QUERY_REMOTE_QUERY 1
140# define CE_MAN_QUERY_REMOTE_ACCEPT 2
141# define CE_MAN_QUERY_REMOTE_MOD 3
142# define CE_MAN_QUERY_REMOTE_SKIP 4
143# define CE_MAN_QUERY_REMOTE_MASK (0x07)
144# define CE_MAN_QUERY_REMOTE_SHIFT (2)
145#endif
3cf6c932 146 unsigned int flags;
4e9a51d7
JY
147};
148
/*
 * One remote endpoint: host string, port and protocol.  The field names
 * match the remote, remote_port and proto members of
 * struct connection_entry.
 */
149struct remote_entry
150{
151 const char *remote;
152 int remote_port;
153 int proto;
154};
155
156#ifdef ENABLE_CONNECTION
157
/* Fixed capacity shared by connection_list.array and remote_list.array. */
158#define CONNECTION_LIST_SIZE 64
159
/*
 * Fixed-capacity table of connection_entry pointers.
 * NOTE(review): len is presumably the number of slots in use and current
 * the index of the active entry -- confirm.  Code that appends must
 * reject entries once len reaches CONNECTION_LIST_SIZE, and code that
 * indexes array[] must keep current within [0, len).
 */
160struct connection_list
161{
162 int len;
163 int current;
3cf6c932 164 int n_cycles;
4e9a51d7
JY
165 bool no_advance; /* set by connection_list_set_no_advance() */
166 struct connection_entry *array[CONNECTION_LIST_SIZE];
167};
168
/*
 * Fixed-capacity table of remote_entry pointers (CONNECTION_LIST_SIZE
 * slots).  NOTE(review): len is presumably the number of slots in use --
 * confirm; writers must bound it by CONNECTION_LIST_SIZE.
 */
169struct remote_list
170{
171 int len;
172 struct remote_entry *array[CONNECTION_LIST_SIZE];
173};
174
175#endif
176
3cf6c932
JY
177#if HTTP_PROXY_FALLBACK
/*
 * Backing storage for one http_proxy_options value plus an 80-byte
 * server-name buffer.  struct options documents its hpo_store pointer as
 * holding dynamic proxy info given by the management interface, so
 * whatever fills server[] must bound the copy by sizeof(server) and
 * NUL-terminate it.
 * NOTE(review): presumably hpo refers into server[] -- confirm.
 */
178struct hpo_store
179{
180 struct http_proxy_options hpo;
181 char server[80];
182};
183#endif
184
54561af6
JY
185#if MANAGEMENT_QUERY_REMOTE
/*
 * Fixed-size buffer for one host name, RH_HOST_LEN (80) bytes.
 * NOTE(review): presumably filled from a management-interface reply when
 * MANAGEMENT_QUERY_REMOTE is enabled -- confirm; the writer must truncate
 * or reject names that do not fit, and must NUL-terminate.
 */
186struct remote_host_store
187{
188# define RH_HOST_LEN 80
189 char host[RH_HOST_LEN];
190};
191#endif
192
6fbf66fa
JY
/*
 * All option values for one run.  Most groups of members exist only when
 * the matching feature macro is set (P2MP, P2MP_SERVER, ENABLE_CRYPTO,
 * ENABLE_SSL, ENABLE_MANAGEMENT, ENABLE_PKCS11, WIN32, ...), so the layout
 * of this struct depends on the build configuration.
 *
 * String members are bare pointers; this header does not show who owns
 * the storage.  NOTE(review): presumably they are allocated from gc and
 * released with it when gc_owned is true -- confirm.
 *
 * Several members name files or scripts that are security-sensitive
 * (key, passphrase and credential files, script hooks, chroot and
 * privilege settings); the review notes on those members are hedged
 * because only the declarations are visible here.
 */
193/* Command line options */
194struct options
195{
196 struct gc_arena gc;
4e9a51d7 197 bool gc_owned;
6fbf66fa
JY
198
199 /* first config file */
200 const char *config;
201
202 /* major mode */
203# define MODE_POINT_TO_POINT 0
204# define MODE_SERVER 1
205 int mode;
206
373faab1
JY
207 /* enable forward compatibility for post-2.1 features */
208 bool forward_compatible;
209
6fbf66fa
JY
210 /* persist parms */
211 bool persist_config;
212 int persist_mode;
213
9b33b5a4 214#ifdef ENABLE_CRYPTO
6fbf66fa
JY
215 const char *key_pass_file; /* NOTE(review): presumably a file holding the private-key passphrase -- confirm; treat as sensitive */
216 bool show_ciphers;
217 bool show_digests;
218 bool show_engines;
9b33b5a4 219#ifdef ENABLE_SSL
6fbf66fa
JY
220 bool show_tls_ciphers;
221#endif
222 bool genkey;
223#endif
224
225 /* Networking parms */
4e9a51d7
JY
226 struct connection_entry ce;
227
228#ifdef ENABLE_CONNECTION
3cf6c932 229 char *remote_ip_hint;
4e9a51d7 230 struct connection_list *connection_list;
6fbf66fa 231 struct remote_list *remote_list;
3cf6c932 232 bool force_connection_list;
4e9a51d7
JY
233#endif
234
235#ifdef GENERAL_PROXY_SUPPORT
236 struct auto_proxy_info *auto_proxy_info;
237#endif
238
3cf6c932
JY
239#if HTTP_PROXY_FALLBACK
240 bool http_proxy_fallback;
241 struct http_proxy_options *http_proxy_override;
242 struct hpo_store *hpo_store; /* used to store dynamic proxy info given by management interface */
243#endif
244
54561af6
JY
245#if MANAGEMENT_QUERY_REMOTE
246 struct remote_host_store *rh_store;
247#endif
248
6fbf66fa
JY
249 bool remote_random;
250 const char *ipchange;
6fbf66fa
JY
251 const char *dev;
252 const char *dev_type;
253 const char *dev_node;
e12fe286 254 const char *lladdr;
3c7f2f55 255 int topology; /* one of the TOP_x values from proto.h */
6fbf66fa
JY
256 const char *ifconfig_local;
257 const char *ifconfig_remote_netmask;
512cda46 258 const char *ifconfig_ipv6_local;
1840c852 259 int ifconfig_ipv6_netbits;
512cda46 260 const char *ifconfig_ipv6_remote;
6fbf66fa
JY
261 bool ifconfig_noexec;
262 bool ifconfig_nowarn;
3d163bc5 263#ifdef ENABLE_FEATURE_SHAPER
6fbf66fa
JY
264 int shaper;
265#endif
6fbf66fa 266
51e6e5b0
JY
267 int proto_force;
268
6fbf66fa
JY
269#ifdef ENABLE_OCC
270 bool mtu_test;
271#endif
272
ffea644c
JY
273#ifdef ENABLE_MEMSTATS
274 char *memstats_fn;
275#endif
276
6fbf66fa
JY
277 bool mlock;
278
279 int keepalive_ping; /* a proxy for ping/ping-restart */
280 int keepalive_timeout;
281
838911cc
JY
282 int inactivity_timeout; /* --inactive */
283 int inactivity_minimum_bytes;
284
6fbf66fa
JY
285 int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
286 int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
287 bool ping_timer_remote; /* Run ping timer only if we have a remote address */
288 bool tun_ipv6; /* Build tun dev that supports IPv6 */
289
290# define PING_UNDEF 0
291# define PING_EXIT 1
292# define PING_RESTART 2
293 int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
294
6fbf66fa
JY
295 bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
296 bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
297 bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
298 bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
299
6fbf66fa
JY
300#if PASSTOS_CAPABILITY
301 bool passtos;
302#endif
303
304 int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
305
306 struct tuntap_options tuntap_options;
307
308 /* Misc parms */
 /* NOTE(review): username, groupname and chroot_dir presumably select the
  * account, group and chroot directory used when privileges are dropped --
  * confirm where and in which order they are applied. */
309 const char *username;
310 const char *groupname;
311 const char *chroot_dir;
312 const char *cd_dir;
cd5990e0 313#ifdef ENABLE_SELINUX
99385447
JY
314 char *selinux_context;
315#endif
6fbf66fa
JY
316 const char *writepid;
 /* NOTE(review): the *_script members throughout this struct presumably
  * name external commands that get executed -- confirm that values
  * received from a peer can never reach them (an OPT_P_SCRIPT option
  * class is defined further down in this header). */
317 const char *up_script;
318 const char *down_script;
319 bool down_pre;
320 bool up_delay;
321 bool up_restart;
322 bool daemon;
323
324 int remap_sigusr1;
325
326 /* inetd modes defined in socket.h */
327 int inetd;
328
329 bool log;
330 bool suppress_timestamps;
331 int nice;
332 int verbosity;
333 int mute;
334
335#ifdef ENABLE_DEBUG
336 int gremlin;
337#endif
338
339 const char *status_file;
340 int status_file_version;
341 int status_file_update_freq;
342
343 /* optimize TUN/TAP/UDP writes */
344 bool fast_io;
345
74bbc71b 346#ifdef ENABLE_LZO
537073fd
JY
347 /* LZO_x flags from lzo.h */
348 unsigned int lzo;
6fbf66fa
JY
349#endif
350
351 /* buffer sizes */
352 int rcvbuf;
353 int sndbuf;
354
d90428d1
HH
355 /* mark value */
356 int mark;
357
00d39170
JY
358 /* socket flags */
359 unsigned int sockflags;
360
6fbf66fa
JY
361 /* route management */
362 const char *route_script;
415421c2 363 const char *route_predown_script;
6fbf66fa 364 const char *route_default_gateway;
40ac3d7a 365 int route_default_metric;
6fbf66fa
JY
366 bool route_noexec;
367 int route_delay;
368 int route_delay_window;
369 bool route_delay_defined;
673f583f 370 int max_routes;
6fbf66fa 371 struct route_option_list *routes;
512cda46 372 struct route_ipv6_option_list *routes_ipv6; /* IPv6 */
3c7f2f55 373 bool route_nopull;
03731db3 374 bool route_gateway_via_dhcp;
0a838de8 375 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
6fbf66fa 376
581bef87
JY
377#ifdef ENABLE_CLIENT_NAT
378 struct client_nat_option_list *client_nat;
379#endif
380
6fbf66fa
JY
381#ifdef ENABLE_OCC
382 /* Enable options consistency check between peers */
383 bool occ;
384#endif
385
386#ifdef ENABLE_MANAGEMENT
387 const char *management_addr;
388 int management_port;
389 const char *management_user_pass; /* NOTE(review): presumably a file with the management-interface password -- confirm; treat as sensitive */
390 int management_log_history_cache;
391 int management_echo_buffer_size;
392 int management_state_buffer_size;
8d33c060 393 const char *management_write_peer_info_file;
90efcacb 394
bb564a59
JY
395 const char *management_client_user;
396 const char *management_client_group;
397
90efcacb
JY
398 /* Mask of MF_ values of manage.h */
399 unsigned int management_flags;
6fbf66fa
JY
400#endif
401
402#ifdef ENABLE_PLUGIN
403 struct plugin_option_list *plugin_list;
404#endif
405
b70d99fb
GZ
406 const char *tmp_dir;
407
6fbf66fa
JY
408#if P2MP
409
410#if P2MP_SERVER
411 bool server_defined;
412 in_addr_t server_network;
413 in_addr_t server_netmask;
512cda46
GD
414 bool server_ipv6_defined; /* IPv6 */
415 struct in6_addr server_network_ipv6; /* IPv6 */
416 unsigned int server_netbits_ipv6; /* IPv6 */
6fbf66fa 417
3c7f2f55 418# define SF_NOPOOL (1<<0)
ae3b3746 419# define SF_TCP_NODELAY_HELPER (1<<1)
148329ca 420# define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
3c7f2f55
JY
421 unsigned int server_flags;
422
03731db3
JY
423 bool server_bridge_proxy_dhcp;
424
6fbf66fa
JY
425 bool server_bridge_defined;
426 in_addr_t server_bridge_ip;
427 in_addr_t server_bridge_netmask;
428 in_addr_t server_bridge_pool_start;
429 in_addr_t server_bridge_pool_end;
430
3eee126e 431 struct push_list push_list;
6fbf66fa
JY
432 bool ifconfig_pool_defined;
433 in_addr_t ifconfig_pool_start;
434 in_addr_t ifconfig_pool_end;
435 in_addr_t ifconfig_pool_netmask;
436 const char *ifconfig_pool_persist_filename;
437 int ifconfig_pool_persist_refresh_freq;
512cda46
GD
438
439 bool ifconfig_ipv6_pool_defined; /* IPv6 */
440 struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
441 int ifconfig_ipv6_pool_netbits; /* IPv6 */
442
6fbf66fa
JY
443 int real_hash_size;
444 int virtual_hash_size;
445 const char *client_connect_script;
446 const char *client_disconnect_script;
447 const char *learn_address_script;
6fbf66fa
JY
448 const char *client_config_dir;
449 bool ccd_exclusive;
450 bool disable;
451 int n_bcast_buf;
452 int tcp_queue_limit;
453 struct iroute *iroutes;
512cda46 454 struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
6fbf66fa
JY
455 bool push_ifconfig_defined;
456 in_addr_t push_ifconfig_local;
457 in_addr_t push_ifconfig_remote_netmask;
581bef87
JY
458#ifdef ENABLE_CLIENT_NAT
459 in_addr_t push_ifconfig_local_alias;
460#endif
3c7f2f55
JY
461 bool push_ifconfig_constraint_defined;
462 in_addr_t push_ifconfig_constraint_network;
463 in_addr_t push_ifconfig_constraint_netmask;
1840c852
GD
464 bool push_ifconfig_ipv6_defined; /* IPv6 */
465 struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
466 int push_ifconfig_ipv6_netbits; /* IPv6 */
467 struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
6fbf66fa
JY
468 bool enable_c2c;
469 bool duplicate_cn;
470 int cf_max;
471 int cf_per;
472 int max_clients;
473 int max_routes_per_client;
3a957aae
DG
474 int stale_routes_check_interval;
475 int stale_routes_ageing_time;
6fbf66fa 476
6fbf66fa
JY
477 const char *auth_user_pass_verify_script;
478 bool auth_user_pass_verify_script_via_file;
6add6b2f
JY
479#if PORT_SHARE
480 char *port_share_host;
481 int port_share_port;
1c5ff772 482 const char *port_share_journal_dir;
6add6b2f 483#endif
6fbf66fa
JY
484#endif
485
486 bool client;
487 bool pull; /* client pull of config options from server */
3eee126e 488 int push_continuation;
6fbf66fa
JY
489 const char *auth_user_pass_file; /* NOTE(review): presumably a file with the client's username/password -- confirm; treat as sensitive */
490 struct options_pre_pull *pre_pull;
491
e1e977f3
JY
492 int server_poll_timeout;
493
6fbf66fa
JY
494 int scheduled_exit_interval;
495
75987303
JY
496#ifdef ENABLE_CLIENT_CR
497 struct static_challenge_info sc_info;
498#endif
6fbf66fa
JY
499#endif
500
9b33b5a4 501#ifdef ENABLE_CRYPTO
6fbf66fa
JY
502 /* Cipher parms */
503 const char *shared_secret_file; /* NOTE(review): presumably the static-key file -- confirm; treat as sensitive */
c959fc74
JY
504#if ENABLE_INLINE_FILES
505 const char *shared_secret_file_inline;
506#endif
6fbf66fa
JY
507 int key_direction;
508 bool ciphername_defined;
509 const char *ciphername;
510 bool authname_defined;
511 const char *authname;
512 int keysize;
03bfb228
JY
513 const char *prng_hash;
514 int prng_nonce_secret_len;
6fbf66fa
JY
515 const char *engine;
 /* NOTE(review): replay, replay_window, replay_time and use_iv presumably
  * control data-channel replay protection and IV use -- confirm the
  * defaults set by init_options() and what turning them off permits. */
516 bool replay;
517 bool mute_replay_warnings;
518 int replay_window;
519 int replay_time;
520 const char *packet_id_file;
521 bool use_iv;
522 bool test_crypto;
523
9b33b5a4 524#ifdef ENABLE_SSL
6fbf66fa
JY
525 /* TLS (control channel) parms */
526 bool tls_server;
527 bool tls_client;
528 const char *ca_file;
e9c5e170 529 const char *ca_path;
6fbf66fa
JY
530 const char *dh_file;
531 const char *cert_file;
7966d75a 532 const char *extra_certs_file;
6fbf66fa
JY
533 const char *priv_key_file;
534 const char *pkcs12_file;
535 const char *cipher_list;
536 const char *tls_verify;
39238d1b 537 const char *tls_export_cert;
6fbf66fa
JY
538 const char *tls_remote;
539 const char *crl_file;
d40f2b20
JY
540
541#if ENABLE_INLINE_FILES
542 const char *ca_file_inline;
543 const char *cert_file_inline;
7966d75a 544 const char *extra_certs_file_inline;
d40f2b20
JY
545 char *priv_key_file_inline; /* the only non-const *_inline member; NOTE(review): presumably so the key text can be overwritten after use -- confirm */
546 const char *dh_file_inline;
2e8ff6c1 547 const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */
d40f2b20
JY
548#endif
549
06d22777 550 int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
411e89ae
JY
551 unsigned remote_cert_ku[MAX_PARMS]; /* fixed MAX_PARMS slots; the parser must not store more values than that */
552 const char *remote_cert_eku;
7966d75a 553 uint8_t *verify_hash; /* no length member accompanies this pointer; NOTE(review): confirm the digest length every reader assumes */
e4359af4 554 unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
bed73623
JY
555
556#ifdef ENABLE_PKCS11
ce98fd24 557 const char *pkcs11_providers[MAX_PARMS];
718526e0 558 unsigned pkcs11_private_mode[MAX_PARMS];
18597b93
JY
559 bool pkcs11_protected_authentication[MAX_PARMS];
560 bool pkcs11_cert_private[MAX_PARMS];
561 int pkcs11_pin_cache_period;
ce98fd24 562 const char *pkcs11_id;
1bda73a7 563 bool pkcs11_id_management;
bed73623
JY
564#endif
565
93c22ecc 566#ifdef ENABLE_CRYPTOAPI
6fbf66fa
JY
567 const char *cryptoapi_cert;
568#endif
569
570 /* data channel key exchange method */
571 int key_method;
572
573 /* Per-packet timeout on control channel */
574 int tls_timeout;
575
576 /* Data channel key renegotiation parameters */
577 int renegotiate_bytes;
578 int renegotiate_packets;
579 int renegotiate_seconds;
580
581 /* Data channel key handshake must finalize
582 within n seconds of handshake initiation. */
583 int handshake_window;
584
fbd18db6 585#ifdef ENABLE_X509ALTUSERNAME
2e8337de
EM
586 /* Field used to be the username in X509 cert. */
587 char *x509_username_field;
fbd18db6 588#endif
2e8337de 589
6fbf66fa
JY
590 /* Old key allowed to live n seconds after new key goes active */
591 int transition_window;
592
593 /* Special authentication MAC for TLS control channel */
594 const char *tls_auth_file; /* shared secret */
c959fc74
JY
595#if ENABLE_INLINE_FILES
596 const char *tls_auth_file_inline;
597#endif
6fbf66fa
JY
598
599 /* Allow only one session */
600 bool single_session;
601
aaf72974
JY
602#ifdef ENABLE_PUSH_PEER_INFO
603 bool push_peer_info;
604#endif
605
6fbf66fa
JY
606 bool tls_exit;
607
9b33b5a4
ABL
608#endif /* ENABLE_SSL */
609#endif /* ENABLE_CRYPTO */
6fbf66fa 610
9356bae8
JY
611#ifdef ENABLE_X509_TRACK
612 const struct x509_track *x509_track;
613#endif
614
6fbf66fa
JY
615 /* special state parms */
616 int foreign_option_index;
617
618#ifdef WIN32
619 const char *exit_event_name;
620 bool exit_event_initial_state;
621 bool show_net_up;
622 int route_method;
623#endif
624};
625
/*
 * Non-zero when the two NUL-terminated strings are equal.  Both arguments
 * go straight to strcmp(), so neither may be NULL, and the comparison
 * stops at the first differing byte: it is not constant-time and should
 * not be used to compare secrets.
 */
626#define streq(x, y) (!strcmp((x), (y)))
627
628/*
629 * Option classes.
630 */
/*
 * One bit per class, bits 0..27.
 * NOTE(review): presumably these are the bits carried by the
 * permission_mask and option_types_found arguments of parse_argv(),
 * apply_push_options(), options_server_import() and
 * options_string_import(), i.e. the mask decides which classes a given
 * source of options (command line, pushed by the server, imported file)
 * is allowed to set -- confirm in the implementation.
 */
631#define OPT_P_GENERAL (1<<0)
632#define OPT_P_UP (1<<1)
633#define OPT_P_ROUTE (1<<2)
634#define OPT_P_IPWIN32 (1<<3)
635#define OPT_P_SCRIPT (1<<4)
636#define OPT_P_SETENV (1<<5)
637#define OPT_P_SHAPER (1<<6)
638#define OPT_P_TIMER (1<<7)
639#define OPT_P_PERSIST (1<<8)
640#define OPT_P_PERSIST_IP (1<<9)
641#define OPT_P_COMP (1<<10) /* TODO */
642#define OPT_P_MESSAGES (1<<11)
643#define OPT_P_CRYPTO (1<<12) /* TODO */
644#define OPT_P_TLS_PARMS (1<<13) /* TODO */
645#define OPT_P_MTU (1<<14) /* TODO */
646#define OPT_P_NICE (1<<15)
647#define OPT_P_PUSH (1<<16)
648#define OPT_P_INSTANCE (1<<17)
649#define OPT_P_CONFIG (1<<18)
650#define OPT_P_EXPLICIT_NOTIFY (1<<19)
651#define OPT_P_ECHO (1<<20)
652#define OPT_P_INHERIT (1<<21)
3c7f2f55
JY
653#define OPT_P_ROUTE_EXTRAS (1<<22)
654#define OPT_P_PULL_MODE (1<<23)
655#define OPT_P_PLUGIN (1<<24)
00d39170
JY
656#define OPT_P_SOCKBUF (1<<25)
657#define OPT_P_SOCKFLAGS (1<<26)
4e9a51d7 658#define OPT_P_CONNECTION (1<<27)
6fbf66fa 659
/* Bitwise complement of (INSTANCE | PULL_MODE): every other bit is set,
 * including bits 28 and above that have no class assigned yet, so a class
 * added later is part of the default mask unless it is excluded here. */
3c7f2f55 660#define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
6fbf66fa
JY
661
/*
 * PULL_DEFINED / PUSH_DEFINED test whether pull or push is configured.
 * Builds without P2MP (or without P2MP_SERVER for PUSH_DEFINED) get the
 * constant-false fallbacks below.
 */
662#if P2MP
663#define PULL_DEFINED(opt) ((opt)->pull)
664#if P2MP_SERVER
/* NOTE(review): struct options declares push_list as an embedded
 * struct push_list, not a pointer or scalar, so this expansion cannot be
 * used as a condition.  The macro looks stale -- confirm it has no users,
 * or test a member of push_list instead. */
665#define PUSH_DEFINED(opt) ((opt)->push_list)
666#endif
667#endif
668
669#ifndef PULL_DEFINED
670#define PULL_DEFINED(opt) (false)
671#endif
672
673#ifndef PUSH_DEFINED
674#define PUSH_DEFINED(opt) (false)
675#endif
676
677#ifdef WIN32
678#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
679#else
680#define ROUTE_OPTION_FLAGS(o) (0)
681#endif
682
3d163bc5 683#ifdef ENABLE_FEATURE_SHAPER
6fbf66fa
JY
684#define SHAPER_DEFINED(opt) ((opt)->shaper)
685#else
686#define SHAPER_DEFINED(opt) (false)
687#endif
688
689#ifdef ENABLE_PLUGIN
690#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
691#else
692#define PLUGIN_OPTION_LIST(opt) (NULL)
693#endif
694
90efcacb
JY
695#ifdef MANAGEMENT_DEF_AUTH
696#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
697#else
698#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
699#endif
700
6fbf66fa
JY
701void parse_argv (struct options *options,
702 const int argc,
703 char *argv[],
704 const int msglevel,
705 const unsigned int permission_mask,
706 unsigned int *option_types_found,
707 struct env_set *es);
708
709void notnull (const char *arg, const char *description);
710
711void usage_small (void);
712
4e9a51d7 713void init_options (struct options *o, const bool init_gc);
6fbf66fa
JY
714void uninit_options (struct options *o);
715
716void setenv_settings (struct env_set *es, const struct options *o);
717void show_settings (const struct options *o);
718
719bool string_defined_equal (const char *s1, const char *s2);
720
721#ifdef ENABLE_OCC
722
723const char *options_string_version (const char* s, struct gc_arena *gc);
724
725char *options_string (const struct options *o,
726 const struct frame *frame,
727 struct tuntap *tt,
728 bool remote,
729 struct gc_arena *gc);
730
bb564a59 731bool options_cmp_equal_safe (char *actual, const char *expected, size_t actual_n);
6fbf66fa 732void options_warning_safe (char *actual, const char *expected, size_t actual_n);
bb564a59 733bool options_cmp_equal (char *actual, const char *expected);
6fbf66fa
JY
734void options_warning (char *actual, const char *expected);
735
736#endif
737
4e9a51d7 738void options_postprocess (struct options *options);
6fbf66fa
JY
739
740void pre_pull_save (struct options *o);
741void pre_pull_restore (struct options *o);
742
743bool apply_push_options (struct options *options,
744 struct buffer *buf,
745 unsigned int permission_mask,
746 unsigned int *option_types_found,
747 struct env_set *es);
748
749bool is_persist_option (const struct options *o);
750bool is_stateful_restart (const struct options *o);
751
752void options_detach (struct options *o);
753
754void options_server_import (struct options *o,
755 const char *filename,
756 int msglevel,
757 unsigned int permission_mask,
758 unsigned int *option_types_found,
759 struct env_set *es);
760
761void pre_pull_default (struct options *o);
762
763void rol_check_alloc (struct options *options);
764
765int parse_line (const char *line,
766 char *p[],
767 const int n,
768 const char *file,
769 const int line_num,
770 int msglevel,
771 struct gc_arena *gc);
772
3c7f2f55
JY
773/*
774 * parse/print topology coding
775 */
776
777int parse_topology (const char *str, const int msglevel);
778const char *print_topology (const int topology);
779
6fbf66fa
JY
780/*
781 * Manage auth-retry variable
782 */
783
784#if P2MP
785
786#define AR_NONE 0
787#define AR_INTERACT 1
788#define AR_NOINTERACT 2
789
790int auth_retry_get (void);
791bool auth_retry_set (const int msglevel, const char *option);
792const char *auth_retry_print (void);
793
794#endif
795
90efcacb 796void options_string_import (struct options *options,
3c7f2f55
JY
797 const char *config,
798 const int msglevel,
799 const unsigned int permission_mask,
800 unsigned int *option_types_found,
801 struct env_set *es);
802
512cda46 803bool get_ipv6_addr( const char * prefix_str, struct in6_addr *network,
1840c852
GD
804 unsigned int * netbits, char ** printable_ipv6,
805 int msglevel );
512cda46 806
4e9a51d7
JY
807/*
808 * inline functions
809 */
/*
 * Report whether the options carry a connection list.
 * Always false when ENABLE_CONNECTION is not compiled in.
 */
static inline bool
connection_list_defined (const struct options *o)
{
  bool have_list = false;
#ifdef ENABLE_CONNECTION
  if (o->connection_list)
    have_list = true;
#endif
  return have_list;
}
819
/*
 * Set the no_advance flag on the connection list, if there is one.
 * Does nothing when ENABLE_CONNECTION is not compiled in.
 */
static inline void
connection_list_set_no_advance (struct options *o)
{
#ifdef ENABLE_CONNECTION
  struct connection_list *const list = o->connection_list;

  if (list == NULL)
    return;
  list->no_advance = true;
#endif
}
828
3cf6c932
JY
829#if HTTP_PROXY_FALLBACK
830
831struct http_proxy_options *
832parse_http_proxy_fallback (struct context *c,
833 const char *server,
834 const char *port,
835 const char *flags,
836 const int msglevel);
837
838#endif /* HTTP_PROXY_FALLBACK */
839
3c7f2f55 840#endif