1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
564a2109 8 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25/*
26 * 2004-01-28: Added Socks5 proxy support
27 * (Christof Meerwald, http://cmeerw.org)
28 */
29
30#ifndef OPTIONS_H
31#define OPTIONS_H
32
33#include "basic.h"
34#include "common.h"
35#include "mtu.h"
36#include "route.h"
37#include "tun.h"
38#include "socket.h"
39#include "plugin.h"
40#include "manage.h"
41#include "proxy.h"
38d96bd7 42#include "comp.h"
3eee126e 43#include "pushlist.h"
581bef87 44#include "clinat.h"
45
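/*
 * Maximum number of parameters associated with an option,
 * including the option name itself.
 *
 * Also used in this header as the dimension of the per-option arrays in
 * struct options (remote_cert_ku, pkcs11_providers, ...), so any code that
 * fills those arrays has to stop at MAX_PARMS entries.
 */
#define MAX_PARMS 16

/*
 * Max size of options line and parameter.
 *
 * NOTE(review): presumably these are byte counts that include the
 * terminating NUL -- confirm against the parser before sizing buffers.
 */
#define OPTION_PARM_SIZE 256
#define OPTION_LINE_SIZE 256

/* Defined in another translation unit; only declared here. */
extern const char title_string[];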
59
60#if P2MP
61
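/*
 * certain options are saved before --pull modifications are applied
 *
 * Each saved member is paired with a *_defined flag.  The three list
 * members are pointers, the tuntap options are held by value.
 * NOTE(review): pre_pull_save() and pre_pull_restore(), declared later in
 * this header, presumably fill and re-apply this snapshot -- confirm.
 */
struct options_pre_pull
{
  bool tuntap_options_defined;
  struct tuntap_options tuntap_options;

  bool routes_defined;
  struct route_option_list *routes;

  bool routes_ipv6_defined;
  struct route_ipv6_option_list *routes_ipv6;

#ifdef ENABLE_CLIENT_NAT
  bool client_nat_defined;
  struct client_nat_option_list *client_nat;
#endif

  int foreign_option_index;
};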
81
253329a8 82#endif
9b33b5a4 83#if defined(ENABLE_CRYPTO) && !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_POLARSSL)
253329a8 84# error "At least one of OpenSSL or PolarSSL needs to be defined."
85#endif
86
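/*
 * Settings of one connection: local and remote endpoint, optional
 * HTTP/SOCKS proxy, MTU parameters and a flags word.
 *
 * All string members are const char * that this structure does not size
 * or own explicitly; the header does not show who allocates them.
 */
struct connection_entry
{
  int proto;
  sa_family_t af;
  const char *local_port;
  bool local_port_defined;
  const char *remote_port;
  const char *local;
  const char *remote;
  bool remote_float;
  bool bind_defined;
  bool bind_ipv6_only;
  bool bind_local;
  int connect_retry_seconds;
  int connect_timeout;
  bool connect_timeout_defined;
#ifdef ENABLE_HTTP_PROXY
  struct http_proxy_options *http_proxy_options;
#endif
#ifdef ENABLE_SOCKS
  const char *socks_proxy_server;
  const char *socks_proxy_port;
  /* NOTE(review): presumably the name of a file holding the SOCKS
   * credentials; if so its permissions matter -- confirm in the consumer. */
  const char *socks_proxy_authfile;
  bool socks_proxy_retry;
#endif

  int tun_mtu;           /* MTU of tun device */
  bool tun_mtu_defined;  /* true if user overriding parm with command line option */
  int tun_mtu_extra;
  bool tun_mtu_extra_defined;
  int link_mtu;          /* MTU of device over which tunnel packets pass via TCP/UDP */
  bool link_mtu_defined; /* true if user overriding parm with command line option */

  /* Advanced MTU negotiation and datagram fragmentation options */
  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */

  int fragment;          /* internal fragmentation size */
  int mssfix;            /* Upper bound on TCP MSS */
  bool mssfix_default;   /* true if --mssfix was supplied without a parameter */

#ifdef ENABLE_OCC
  int explicit_exit_notification;  /* Explicitly tell peer when we are exiting via OCC_EXIT message */
#endif

  /*
   * Values for the flags member.  CE_DISABLED and CE_MAN_QUERY_PROXY are
   * single bits (0 and 1).  The CE_MAN_QUERY_REMOTE_x values are small
   * integers, not bits.
   * NOTE(review): presumably they are stored as a field of width
   * CE_MAN_QUERY_REMOTE_MASK at bit CE_MAN_QUERY_REMOTE_SHIFT, i.e. above
   * the two single-bit flags -- confirm against the code that reads flags.
   */
# define CE_DISABLED (1<<0)
# define CE_MAN_QUERY_PROXY (1<<1)
# define CE_MAN_QUERY_REMOTE_UNDEF  0
# define CE_MAN_QUERY_REMOTE_QUERY  1
# define CE_MAN_QUERY_REMOTE_ACCEPT 2
# define CE_MAN_QUERY_REMOTE_MOD    3
# define CE_MAN_QUERY_REMOTE_SKIP   4
# define CE_MAN_QUERY_REMOTE_MASK   (0x07)
# define CE_MAN_QUERY_REMOTE_SHIFT  (2)
  unsigned int flags;
};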
142
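/*
 * One remote endpoint: host and port as strings, plus protocol and
 * address family.  The strings are not owned or sized by this structure.
 */
struct remote_entry
{
  const char *remote;
  const char *remote_port;
  int proto;
  sa_family_t af;
};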
150
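/* Capacity of the fixed-size pointer arrays in the list structures. */
#define CONNECTION_LIST_SIZE 64

/*
 * Fixed-capacity list of connection entries.
 *
 * NOTE(review): nothing in this header bounds len or current.  Code that
 * appends must check len < CONNECTION_LIST_SIZE before writing array[len],
 * and code that reads must keep current inside [0, len).
 */
struct connection_list
{
  int len;
  int current;
  struct connection_entry *array[CONNECTION_LIST_SIZE];
};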
159
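/*
 * Fixed-capacity list of remote entries; the array has
 * CONNECTION_LIST_SIZE slots.
 *
 * NOTE(review): len is not bounded by anything in this header, so code
 * that appends must check len < CONNECTION_LIST_SIZE first.
 */
struct remote_list
{
  int len;
  struct remote_entry *array[CONNECTION_LIST_SIZE];
};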
165
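/*
 * Inline storage for a remote host and port.
 *
 * Both members are fixed-size char arrays, so every write has to be
 * bounded by RH_HOST_LEN / RH_PORT_LEN.
 * NOTE(review): presumably they hold NUL-terminated strings, in which case
 * the usable lengths are 79 and 19 characters -- confirm in the writer.
 */
struct remote_host_store
{
# define RH_HOST_LEN 80
  char host[RH_HOST_LEN];
# define RH_PORT_LEN 20
  char port[RH_PORT_LEN];
};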
54561af6 173
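/*
 * Command line options
 *
 * Aggregate of the settings declared below; parse_argv() and the other
 * functions declared in this header take a pointer to it.  Members are
 * compiled in or out by the feature macros tested inside the structure, so
 * its layout depends on the build configuration.
 *
 * NOTE(review): many const char * members name files, directories or
 * scripts (key and certificate files, the *_script hooks, chroot_dir, ...).
 * This header only declares them; whether and where each path is validated
 * has to be checked in the code that consumes the member.
 */
struct options
{
  struct gc_arena gc;
  bool gc_owned;

  /* first config file */
  const char *config;

  /* major mode */
# define MODE_POINT_TO_POINT 0
# define MODE_SERVER         1
  int mode;

  /* enable forward compatibility for post-2.1 features */
  bool forward_compatible;
  /* list of options that should be ignored even if unknown */
  const char **ignore_unknown_option;

  /* persist parms */
  bool persist_config;
  int persist_mode;

#ifdef ENABLE_CRYPTO
  const char *key_pass_file;
  bool show_ciphers;
  bool show_digests;
  bool show_engines;
#ifdef ENABLE_SSL
  bool show_tls_ciphers;
  bool show_curves;
#endif
  bool genkey;
#endif

  /* Networking parms */
  int connect_retry_max;
  struct connection_entry ce;
  struct connection_list *connection_list;

  struct remote_list *remote_list;
  /* Do not advance the connection or remote addr list */
  bool no_advance;
  /* Counts the number of unsuccessful connection attempts */
  unsigned int unsuccessful_attempts;

#if HTTP_PROXY_OVERRIDE
  struct http_proxy_options *http_proxy_override;
#endif

  struct remote_host_store *rh_store;

  bool remote_random;
  const char *ipchange;
  const char *dev;
  const char *dev_type;
  const char *dev_node;
  const char *lladdr;
  int topology; /* one of the TOP_x values from proto.h */
  const char *ifconfig_local;
  const char *ifconfig_remote_netmask;
  const char *ifconfig_ipv6_local;
  int         ifconfig_ipv6_netbits;
  const char *ifconfig_ipv6_remote;
  bool ifconfig_noexec;
  bool ifconfig_nowarn;
#ifdef ENABLE_FEATURE_SHAPER
  int shaper;
#endif

  int proto_force;

#ifdef ENABLE_OCC
  bool mtu_test;
#endif

#ifdef ENABLE_MEMSTATS
  char *memstats_fn;
#endif

  bool mlock;

  int keepalive_ping;           /* a proxy for ping/ping-restart */
  int keepalive_timeout;

  int inactivity_timeout;       /* --inactive */
  int inactivity_minimum_bytes;

  int ping_send_timeout;        /* Send a TCP/UDP ping to remote every n seconds */
  int ping_rec_timeout;         /* Expect a TCP/UDP ping from remote at least once every n seconds */
  bool ping_timer_remote;       /* Run ping timer only if we have a remote address */
  bool tun_ipv6;                /* Build tun dev that supports IPv6 */

# define PING_UNDEF   0
# define PING_EXIT    1
# define PING_RESTART 2
  int ping_rec_timeout_action;  /* What action to take on ping_rec_timeout (exit or restart)? */

  bool persist_tun;             /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
  bool persist_local_ip;        /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
  bool persist_remote_ip;       /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
  bool persist_key;             /* Don't re-read key files on SIGUSR1 or PING_RESTART */

#if PASSTOS_CAPABILITY
  bool passtos;
#endif

  int resolve_retry_seconds;    /* If hostname resolve fails, retry for n seconds */
  bool resolve_in_advance;
  const char *ip_remote_hint;

  struct tuntap_options tuntap_options;

  /* Misc parms */
  /* NOTE(review): username, groupname and chroot_dir presumably select the
   * identity and root directory the process switches to -- confirm where
   * and in which order they are applied. */
  const char *username;
  const char *groupname;
  const char *chroot_dir;
  const char *cd_dir;
#ifdef ENABLE_SELINUX
  char *selinux_context;
#endif
  const char *writepid;
  /* NOTE(review): up_script and down_script presumably name external
   * programs; user_script_used looks like a record that such a script was
   * configured -- confirm in options.c. */
  const char *up_script;
  const char *down_script;
  bool user_script_used;
  bool down_pre;
  bool up_delay;
  bool up_restart;
  bool daemon;

  int remap_sigusr1;

  /* inetd modes defined in socket.h */
  int inetd;

  bool log;
  bool suppress_timestamps;
  bool machine_readable_output;
  int nice;
  int verbosity;
  int mute;

#ifdef ENABLE_DEBUG
  int gremlin;
#endif

  const char *status_file;
  int status_file_version;
  int status_file_update_freq;

  /* optimize TUN/TAP/UDP writes */
  bool fast_io;

#ifdef USE_COMP
  struct compress_options comp;
#endif

  /* buffer sizes */
  int rcvbuf;
  int sndbuf;

  /* mark value */
  int mark;

  /* socket flags */
  unsigned int sockflags;

  /* route management */
  const char *route_script;
  const char *route_predown_script;
  const char *route_default_gateway;
  int route_default_metric;
  bool route_noexec;
  int route_delay;
  int route_delay_window;
  bool route_delay_defined;
  struct route_option_list *routes;
  struct route_ipv6_option_list *routes_ipv6;   /* IPv6 */
  bool route_nopull;
  bool route_gateway_via_dhcp;
  bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */

#ifdef ENABLE_CLIENT_NAT
  struct client_nat_option_list *client_nat;
#endif

#ifdef ENABLE_OCC
  /* Enable options consistency check between peers */
  bool occ;
#endif

#ifdef ENABLE_MANAGEMENT
  const char *management_addr;
  const char *management_port;
  const char *management_user_pass;
  int management_log_history_cache;
  int management_echo_buffer_size;
  int management_state_buffer_size;
  const char *management_write_peer_info_file;

  const char *management_client_user;
  const char *management_client_group;

  /* Mask of MF_ values of manage.h */
  unsigned int management_flags;
#endif

#ifdef ENABLE_PLUGIN
  struct plugin_option_list *plugin_list;
#endif



#if P2MP

#if P2MP_SERVER
  /* the tmp dir is for now only used in the P2P server context */
  const char *tmp_dir;
  bool server_defined;
  in_addr_t server_network;
  in_addr_t server_netmask;
  bool server_ipv6_defined;                     /* IPv6 */
  struct in6_addr server_network_ipv6;          /* IPv6 */
  unsigned int    server_netbits_ipv6;          /* IPv6 */

# define SF_NOPOOL (1<<0)
# define SF_TCP_NODELAY_HELPER (1<<1)
# define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
  unsigned int server_flags;

  bool server_bridge_proxy_dhcp;

  bool server_bridge_defined;
  in_addr_t server_bridge_ip;
  in_addr_t server_bridge_netmask;
  in_addr_t server_bridge_pool_start;
  in_addr_t server_bridge_pool_end;

  /* Held by value, not as a pointer (relevant to PUSH_DEFINED below). */
  struct push_list push_list;
  bool ifconfig_pool_defined;
  in_addr_t ifconfig_pool_start;
  in_addr_t ifconfig_pool_end;
  in_addr_t ifconfig_pool_netmask;
  const char *ifconfig_pool_persist_filename;
  int ifconfig_pool_persist_refresh_freq;

  bool   ifconfig_ipv6_pool_defined;            /* IPv6 */
  struct in6_addr ifconfig_ipv6_pool_base;      /* IPv6 */
  int    ifconfig_ipv6_pool_netbits;            /* IPv6 */

  int real_hash_size;
  int virtual_hash_size;
  const char *client_connect_script;
  const char *client_disconnect_script;
  const char *learn_address_script;
  const char *client_config_dir;
  bool ccd_exclusive;
  bool disable;
  int n_bcast_buf;
  int tcp_queue_limit;
  struct iroute *iroutes;
  struct iroute_ipv6 *iroutes_ipv6;             /* IPv6 */
  bool push_ifconfig_defined;
  in_addr_t push_ifconfig_local;
  in_addr_t push_ifconfig_remote_netmask;
#ifdef ENABLE_CLIENT_NAT
  in_addr_t push_ifconfig_local_alias;
#endif
  bool push_ifconfig_constraint_defined;
  in_addr_t push_ifconfig_constraint_network;
  in_addr_t push_ifconfig_constraint_netmask;
  bool            push_ifconfig_ipv6_defined;   /* IPv6 */
  struct in6_addr push_ifconfig_ipv6_local;     /* IPv6 */
  int             push_ifconfig_ipv6_netbits;   /* IPv6 */
  struct in6_addr push_ifconfig_ipv6_remote;    /* IPv6 */
  bool enable_c2c;
  bool duplicate_cn;
  int cf_max;
  int cf_per;
  int max_clients;
  int max_routes_per_client;
  int stale_routes_check_interval;
  int stale_routes_ageing_time;

  const char *auth_user_pass_verify_script;
  bool auth_user_pass_verify_script_via_file;
#if PORT_SHARE
  char *port_share_host;
  char *port_share_port;
  const char *port_share_journal_dir;
#endif
#endif

  bool client;
  bool pull; /* client pull of config options from server */
  int push_continuation;
  unsigned int push_option_types_found;
  const char *auth_user_pass_file;
  struct options_pre_pull *pre_pull;

  int server_poll_timeout;

  int scheduled_exit_interval;

#ifdef ENABLE_CLIENT_CR
  struct static_challenge_info sc_info;
#endif
#endif

#ifdef ENABLE_CRYPTO
  /* Cipher parms */
  /* NOTE(review): the *_inline members here and in the TLS section
   * presumably hold key or certificate text taken from the configuration
   * itself instead of a file name; if so those buffers are secret
   * material -- confirm how they are filled and released. */
  const char *shared_secret_file;
  const char *shared_secret_file_inline;
  int key_direction;
  bool ciphername_defined;
  const char *ciphername;
  bool authname_defined;
  const char *authname;
  int keysize;
  const char *prng_hash;
  int prng_nonce_secret_len;
  const char *engine;
  bool replay;
  bool mute_replay_warnings;
  int replay_window;
  int replay_time;
  const char *packet_id_file;
  bool use_iv;
  bool test_crypto;
#ifdef ENABLE_PREDICTION_RESISTANCE
  bool use_prediction_resistance;
#endif

#ifdef ENABLE_SSL
  /* TLS (control channel) parms */
  bool tls_server;
  bool tls_client;
  const char *ca_file;
  const char *ca_path;
  const char *dh_file;
  const char *cert_file;
  const char *extra_certs_file;
  const char *priv_key_file;
  const char *pkcs12_file;
  const char *cipher_list;
  const char *ecdh_curve;
  const char *tls_verify;
  int verify_x509_type;
  const char *verify_x509_name;
  const char *tls_export_cert;
  const char *crl_file;

  const char *ca_file_inline;
  const char *cert_file_inline;
  const char *extra_certs_file_inline;
  /* The only non-const *_inline member.
   * NOTE(review): presumably so the key text can be overwritten after
   * use -- confirm in the code that loads the key. */
  char *priv_key_file_inline;
  const char *dh_file_inline;
  const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */

  int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
  unsigned remote_cert_ku[MAX_PARMS];
  const char *remote_cert_eku;
  /* Pointer only; the digest length is not recorded in this structure. */
  uint8_t *verify_hash;
  unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */

#ifdef ENABLE_PKCS11
  const char *pkcs11_providers[MAX_PARMS];
  unsigned pkcs11_private_mode[MAX_PARMS];
  bool pkcs11_protected_authentication[MAX_PARMS];
  bool pkcs11_cert_private[MAX_PARMS];
  int pkcs11_pin_cache_period;
  const char *pkcs11_id;
  bool pkcs11_id_management;
#endif

#ifdef ENABLE_CRYPTOAPI
  const char *cryptoapi_cert;
#endif

  /* data channel key exchange method */
  int key_method;

  /* Per-packet timeout on control channel */
  int tls_timeout;

  /* Data channel key renegotiation parameters */
  int renegotiate_bytes;
  int renegotiate_packets;
  int renegotiate_seconds;

  /* Data channel key handshake must finalize
     within n seconds of handshake initiation. */
  int handshake_window;

#ifdef ENABLE_X509ALTUSERNAME
  /* Field used to be the username in X509 cert. */
  char *x509_username_field;
#endif

  /* Old key allowed to live n seconds after new key goes active */
  int transition_window;

  /* Special authentication MAC for TLS control channel */
  const char *tls_auth_file;            /* shared secret */
  const char *tls_auth_file_inline;

  /* Allow only one session */
  bool single_session;

#ifdef ENABLE_PUSH_PEER_INFO
  bool push_peer_info;
#endif

  bool tls_exit;

#endif /* ENABLE_SSL */
#endif /* ENABLE_CRYPTO */

#ifdef ENABLE_X509_TRACK
  const struct x509_track *x509_track;
#endif

  /* special state parms */
  int foreign_option_index;

#ifdef WIN32
  const char *exit_event_name;
  bool exit_event_initial_state;
  bool show_net_up;
  int route_method;
#endif
};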
606
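/*
 * True when x and y compare equal under strcmp().
 *
 * Both arguments must be non-NULL, NUL-terminated strings; passing NULL to
 * strcmp() is undefined behaviour.  strcmp() stops at the first differing
 * byte, so this is meant for option names and similar public text, not for
 * comparing secrets.
 */
#define streq(x, y) (!strcmp((x), (y)))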
608
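/*
 * Option classes.
 *
 * One bit per class, bits 0 to 27.
 * NOTE(review): presumably these are the bits carried by the
 * permission_mask and option_types_found parameters of the parsing
 * functions declared in this header, i.e. the mask decides which classes a
 * given option source may set -- confirm in options.c.
 */
#define OPT_P_GENERAL         (1<<0)
#define OPT_P_UP              (1<<1)
#define OPT_P_ROUTE           (1<<2)
#define OPT_P_IPWIN32         (1<<3)
#define OPT_P_SCRIPT          (1<<4)
#define OPT_P_SETENV          (1<<5)
#define OPT_P_SHAPER          (1<<6)
#define OPT_P_TIMER           (1<<7)
#define OPT_P_PERSIST         (1<<8)
#define OPT_P_PERSIST_IP      (1<<9)
#define OPT_P_COMP            (1<<10) /* TODO */
#define OPT_P_MESSAGES        (1<<11)
#define OPT_P_CRYPTO          (1<<12) /* TODO */
#define OPT_P_TLS_PARMS       (1<<13) /* TODO */
#define OPT_P_MTU             (1<<14) /* TODO */
#define OPT_P_NICE            (1<<15)
#define OPT_P_PUSH            (1<<16)
#define OPT_P_INSTANCE        (1<<17)
#define OPT_P_CONFIG          (1<<18)
#define OPT_P_EXPLICIT_NOTIFY (1<<19)
#define OPT_P_ECHO            (1<<20)
#define OPT_P_INHERIT         (1<<21)
#define OPT_P_ROUTE_EXTRAS    (1<<22)
#define OPT_P_PULL_MODE       (1<<23)
#define OPT_P_PLUGIN          (1<<24)
#define OPT_P_SOCKBUF         (1<<25)
#define OPT_P_SOCKFLAGS       (1<<26)
#define OPT_P_CONNECTION      (1<<27)

/*
 * Every class except OPT_P_INSTANCE and OPT_P_PULL_MODE.  The complement
 * is taken on an int, so bits 28 to 31, which no class uses yet, are set
 * as well: a class added there later is included automatically.
 */
#define OPT_P_DEFAULT   (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))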
642
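/*
 * Feature accessors.  Each macro reads a member of struct options when the
 * corresponding feature is compiled in and expands to a constant otherwise,
 * so callers need no #ifdef of their own.
 */
#if P2MP
#define PULL_DEFINED(opt) ((opt)->pull)
#if P2MP_SERVER
/*
 * NOTE(review): struct options declares push_list as a struct value, not a
 * pointer, so this expansion is a struct and cannot be used as a condition.
 * Confirm whether anything uses PUSH_DEFINED in a P2MP_SERVER build.
 */
#define PUSH_DEFINED(opt) ((opt)->push_list)
#endif
#endif

#ifndef PULL_DEFINED
#define PULL_DEFINED(opt) (false)
#endif

#ifndef PUSH_DEFINED
#define PUSH_DEFINED(opt) (false)
#endif

#ifdef WIN32
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

#ifdef ENABLE_FEATURE_SHAPER
#define SHAPER_DEFINED(opt) ((opt)->shaper)
#else
#define SHAPER_DEFINED(opt) (false)
#endif

#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif

/*
 * Guarded by MANAGEMENT_DEF_AUTH, while the management_flags member it
 * reads is declared under ENABLE_MANAGEMENT.
 * NOTE(review): presumably MANAGEMENT_DEF_AUTH is only ever defined
 * together with ENABLE_MANAGEMENT -- confirm in the build configuration.
 */
#ifdef MANAGEMENT_DEF_AUTH
#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
#else
#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
#endif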
681
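/*
 * Option parsing and life-cycle entry points.  Only the prototypes are
 * visible here; the definitions live in another translation unit.
 */

/*
 * NOTE(review): permission_mask presumably takes OPT_P_x bits and
 * option_types_found presumably receives the classes that were seen --
 * confirm in options.c.
 */
void parse_argv (struct options *options,
                 const int argc,
                 char *argv[],
                 const int msglevel,
                 const unsigned int permission_mask,
                 unsigned int *option_types_found,
                 struct env_set *es);

void notnull (const char *arg, const char *description);

void usage_small (void);

void show_library_versions(const unsigned int flags);

/* init_options and uninit_options take the same struct options pointer. */
void init_options (struct options *o, const bool init_gc);
void uninit_options (struct options *o);

/* Both take the options as const, so they only read them. */
void setenv_settings (struct env_set *es, const struct options *o);
void show_settings (const struct options *o);

bool string_defined_equal (const char *s1, const char *s2);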
703
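#ifdef ENABLE_OCC

/* Options-string helpers, compiled only when ENABLE_OCC is defined. */

const char *options_string_version (const char *s, struct gc_arena *gc);

char *options_string (const struct options *o,
                      const struct frame *frame,
                      struct tuntap *tt,
                      bool remote,
                      struct gc_arena *gc);

/*
 * `actual` is a non-const char * in all four functions, so callers should
 * assume the buffer may be modified.
 * NOTE(review): the *_safe variants take actual_n, presumably the number of
 * bytes available at `actual`, for text that is not guaranteed to be
 * NUL-terminated (for example text received from the peer); the variants
 * without a length would then require a terminated string -- confirm in
 * options.c before choosing one.
 */
bool options_cmp_equal_safe (char *actual, const char *expected, size_t actual_n);
void options_warning_safe (char *actual, const char *expected, size_t actual_n);
bool options_cmp_equal (char *actual, const char *expected);
void options_warning (char *actual, const char *expected);

#endif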
720
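void options_postprocess (struct options *options);

void pre_pull_save (struct options *o);
void pre_pull_restore (struct options *o, struct gc_arena *gc);

/*
 * NOTE(review): buf presumably holds option text pushed by the server, and
 * permission_mask presumably limits which OPT_P_x classes that text may
 * set.  If so, this mask is the control that bounds what a server can
 * change on a client -- confirm in options.c and review the mask passed at
 * each call site.
 */
bool apply_push_options (struct options *options,
                         struct buffer *buf,
                         unsigned int permission_mask,
                         unsigned int *option_types_found,
                         struct env_set *es);

void options_detach (struct options *o);

/*
 * NOTE(review): takes a file name together with a permission_mask;
 * presumably options read from that file are restricted to the classes in
 * the mask -- confirm.
 */
void options_server_import (struct options *o,
                            const char *filename,
                            int msglevel,
                            unsigned int permission_mask,
                            unsigned int *option_types_found,
                            struct env_set *es);

void pre_pull_default (struct options *o);

void rol_check_alloc (struct options *options);

/*
 * NOTE(review): p and n presumably are an output array and its element
 * count (MAX_PARMS is the bound defined in this header); the caller must
 * pass an array with at least n elements -- confirm.
 */
int parse_line (const char *line,
                char *p[],
                const int n,
                const char *file,
                const int line_num,
                int msglevel,
                struct gc_arena *gc);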
752
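/*
 * parse/print topology coding
 */

int parse_topology (const char *str, const int msglevel);
const char *print_topology (const int topology);

/*
 * Manage auth-retry variable
 *
 * auth_retry_get() and auth_retry_print() take no arguments, so the value
 * they report is not held in struct options.
 */

#if P2MP

#define AR_NONE       0
#define AR_INTERACT   1
#define AR_NOINTERACT 2

int auth_retry_get (void);
bool auth_retry_set (const int msglevel, const char *option);
const char *auth_retry_print (void);

#endif

/*
 * NOTE(review): config presumably is option text held in memory rather
 * than a file name; permission_mask presumably restricts the OPT_P_x
 * classes it may set -- confirm in options.c.
 */
void options_string_import (struct options *options,
                            const char *config,
                            const int msglevel,
                            const unsigned int permission_mask,
                            unsigned int *option_types_found,
                            struct env_set *es);

/*
 * network, netbits and printable_ipv6 are pointer parameters, presumably
 * outputs filled from prefix_str; the bool result presumably reports
 * whether parsing succeeded.
 * NOTE(review): ownership of *printable_ipv6 is not visible here -- confirm
 * who releases it.
 */
bool get_ipv6_addr( const char * prefix_str, struct in6_addr *network,
                    unsigned int * netbits, char ** printable_ipv6,
                    int msglevel );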
512cda46 786
4e9a51d7 787
3c7f2f55 788#endif