1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
49979459 8 * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
6fbf66fa
JY
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
caa54ac3
DS
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
6fbf66fa
JY
22 */
23
24/*
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
27 */
28
29#ifndef OPTIONS_H
30#define OPTIONS_H
31
32#include "basic.h"
33#include "common.h"
34#include "mtu.h"
35#include "route.h"
36#include "tun.h"
37#include "socket.h"
38#include "plugin.h"
39#include "manage.h"
40#include "proxy.h"
38d96bd7 41#include "comp.h"
3eee126e 42#include "pushlist.h"
581bef87 43#include "clinat.h"
2193d7c0 44#include "crypto_backend.h"
2193d7c0 45
46
/*
 * Maximum number of parameters associated with an option,
 * including the option name itself.
 *
 * Also used in this header to dimension fixed arrays inside struct options
 * (remote_cert_ku and the pkcs11_* arrays).
 */
#define MAX_PARMS 16

/*
 * Max size of options line and parameter.
 *
 * NOTE(review): these are compile-time bounds on option text.  The code that
 * fills buffers of these sizes is not in this header; confirm in options.c
 * that an over-long line or parameter is rejected or truncated rather than
 * written past the buffer.
 */
#define OPTION_PARM_SIZE 256
#define OPTION_LINE_SIZE 256

/* Declared here only; the definition lives in another translation unit. */
extern const char title_string[];
60
61#if P2MP
62
/*
 * certain options are saved before --pull modifications are applied
 *
 * Each *_defined flag sits next to the saved value it describes.
 * NOTE(review): presumably written by pre_pull_save() and read back by
 * pre_pull_restore(), both declared in this header - confirm in options.c.
 * The list members are pointers, so this struct does not by itself show
 * whether the saved lists are copies or aliases of the live ones.
 */
struct options_pre_pull
{
    bool tuntap_options_defined;
    struct tuntap_options tuntap_options;

    bool routes_defined;
    struct route_option_list *routes;

    bool routes_ipv6_defined;
    struct route_ipv6_option_list *routes_ipv6;

    bool client_nat_defined;
    struct client_nat_option_list *client_nat;

    int foreign_option_index;
};
80
253329a8 81#endif
c7ca9133 82#if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
81d882d5 83#error "At least one of OpenSSL or mbed TLS needs to be defined."
6fbf66fa
JY
84#endif
85
/*
 * Settings that belong to one connection: local/remote endpoints, proxy
 * settings, MTU tuning and the control-channel shared-secret files.
 *
 * All string members are borrowed pointers (const char *); this struct
 * carries no lengths and no ownership information for them.
 */
struct connection_entry
{
    int proto;
    sa_family_t af;
    const char *local_port;
    bool local_port_defined;
    const char *remote_port;
    const char *local;
    const char *remote;
    bool remote_float;
    bool bind_defined;
    bool bind_ipv6_only;
    bool bind_local;
    int connect_retry_seconds;
    int connect_retry_seconds_max;
    int connect_timeout;
    struct http_proxy_options *http_proxy_options;
    const char *socks_proxy_server;
    const char *socks_proxy_port;
    /* NOTE(review): by name, a file holding SOCKS proxy credentials - confirm;
     * if so its contents are a secret and its permissions matter. */
    const char *socks_proxy_authfile;

    int tun_mtu;           /* MTU of tun device */
    bool tun_mtu_defined;  /* true if user overriding parm with command line option */
    int tun_mtu_extra;
    bool tun_mtu_extra_defined;
    int link_mtu;          /* MTU of device over which tunnel packets pass via TCP/UDP */
    bool link_mtu_defined; /* true if user overriding parm with command line option */

    /* Advanced MTU negotiation and datagram fragmentation options */
    int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */

    int fragment;          /* internal fragmentation size */
    int mssfix;            /* Upper bound on TCP MSS */
    bool mssfix_default;   /* true if --mssfix was supplied without a parameter */

    int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */

    /*
     * Values for `flags`.  CE_DISABLED and CE_MAN_QUERY_PROXY are single bits
     * (bits 0 and 1).  The CE_MAN_QUERY_REMOTE_* values 0..4 are a small
     * enumerated state, not bits; with a mask of 0x07 and a shift of 2 they
     * presumably occupy bits 2-4 of `flags` - confirm against the code that
     * reads and writes them.
     */
#define CE_DISABLED (1<<0)
#define CE_MAN_QUERY_PROXY (1<<1)
#define CE_MAN_QUERY_REMOTE_UNDEF 0
#define CE_MAN_QUERY_REMOTE_QUERY 1
#define CE_MAN_QUERY_REMOTE_ACCEPT 2
#define CE_MAN_QUERY_REMOTE_MOD 3
#define CE_MAN_QUERY_REMOTE_SKIP 4
#define CE_MAN_QUERY_REMOTE_MASK (0x07)
#define CE_MAN_QUERY_REMOTE_SHIFT (2)
    unsigned int flags;

    /* Shared secret used for TLS control channel authentication */
    /* NOTE(review): the *_inline members presumably carry the key text itself
     * rather than a path - confirm; either way these strings refer to secret
     * material and should stay out of logs and status output. */
    const char *tls_auth_file;
    const char *tls_auth_file_inline;
    int key_direction;

    /* Shared secret used for TLS control channel authenticated encryption */
    const char *tls_crypt_file;
    const char *tls_crypt_inline;
};
143
/*
 * One remote endpoint: host, port, protocol and address family.
 * The field names and types match the remote/remote_port/proto/af members
 * of struct connection_entry.  Both strings are borrowed pointers.
 */
struct remote_entry
{
    const char *remote;
    const char *remote_port;
    int proto;
    sa_family_t af;
};
151
/* Capacity of the pointer arrays in connection_list and remote_list. */
#define CONNECTION_LIST_SIZE 64

/*
 * Fixed-capacity list of connection entries.
 *
 * `len` and `current` are signed ints used alongside an array of exactly
 * CONNECTION_LIST_SIZE pointers.  NOTE(review): the append and advance logic
 * is not in this header; confirm in options.c that an entry is refused once
 * len reaches CONNECTION_LIST_SIZE and that `current` is kept within
 * [0, len) before it is used as an index.
 */
struct connection_list
{
    int len;
    int current;
    struct connection_entry *array[CONNECTION_LIST_SIZE];
};
160
/*
 * Fixed-capacity list of remote entries; same capacity as connection_list.
 * NOTE(review): as with connection_list, the bound on `len` has to be
 * enforced by whatever appends to `array` - confirm in options.c.
 */
struct remote_list
{
    int len;
    struct remote_entry *array[CONNECTION_LIST_SIZE];
};
166
/*
 * Fixed-size storage for a remote host name and port.
 *
 * Both members are plain char arrays with compile-time lengths, so anything
 * written into them must be bounded by RH_HOST_LEN / RH_PORT_LEN and left
 * NUL-terminated.  NOTE(review): the code that fills them is not in this
 * header; confirm that it length-checks its input.
 */
struct remote_host_store
{
#define RH_HOST_LEN 80
    char host[RH_HOST_LEN];
#define RH_PORT_LEN 20
    char port[RH_PORT_LEN];
};
54561af6 174
/*
 * Command line options
 *
 * One aggregate holding every setting the option parser can produce.  Which
 * members exist depends on the build: many are wrapped in feature macros
 * (ENABLE_MANAGEMENT, P2MP, P2MP_SERVER, ENABLE_PKCS11, _WIN32, ...), so the
 * layout differs between configurations.
 *
 * Nearly all string members are borrowed `const char *` pointers with no
 * length and no ownership recorded here.  Several of them name files or
 * inline blobs that hold secrets (key_pass_file, shared_secret_file,
 * priv_key_file*, pkcs12_file*, tls_auth_file*, tls_crypt_*); code that
 * prints or exports this struct has to treat them accordingly.
 */
struct options
{
    /* gc_owned is a flag kept next to the embedded arena; init_options()
     * takes a matching init_gc argument. */
    struct gc_arena gc;
    bool gc_owned;

    /* first config file */
    const char *config;

    /* major mode */
#define MODE_POINT_TO_POINT 0
#define MODE_SERVER 1
    int mode;

    /* enable forward compatibility for post-2.1 features */
    bool forward_compatible;
    /* list of options that should be ignored even if unknown */
    const char **ignore_unknown_option;

    /* persist parms */
    bool persist_config;
    int persist_mode;

    /* NOTE(review): by name, a file holding the private-key passphrase -
     * confirm; if so its contents are a secret. */
    const char *key_pass_file;
    bool show_ciphers;
    bool show_digests;
    bool show_engines;
    bool show_tls_ciphers;
    bool show_curves;
    bool genkey;

    /* Networking parms */
    int connect_retry_max;
    struct connection_entry ce;
    struct connection_list *connection_list;

    struct remote_list *remote_list;
    /* Do not advance the connection or remote addr list */
    bool no_advance;
    /* Counts the number of unsuccessful connection attempts */
    unsigned int unsuccessful_attempts;

#if ENABLE_MANAGEMENT
    struct http_proxy_options *http_proxy_override;
#endif

    struct remote_host_store *rh_store;

    bool remote_random;
    const char *ipchange;
    const char *dev;
    const char *dev_type;
    const char *dev_node;
    const char *lladdr;
    int topology; /* one of the TOP_x values from proto.h */
    const char *ifconfig_local;
    const char *ifconfig_remote_netmask;
    const char *ifconfig_ipv6_local;
    int ifconfig_ipv6_netbits;
    const char *ifconfig_ipv6_remote;
    bool ifconfig_noexec;
    bool ifconfig_nowarn;
#ifdef ENABLE_FEATURE_SHAPER
    int shaper;
#endif

    int proto_force;

#ifdef ENABLE_OCC
    bool mtu_test;
#endif

#ifdef ENABLE_MEMSTATS
    char *memstats_fn;
#endif

    bool mlock;

    int keepalive_ping; /* a proxy for ping/ping-restart */
    int keepalive_timeout;

    int inactivity_timeout; /* --inactive */
    int inactivity_minimum_bytes;

    int ping_send_timeout;  /* Send a TCP/UDP ping to remote every n seconds */
    int ping_rec_timeout;   /* Expect a TCP/UDP ping from remote at least once every n seconds */
    bool ping_timer_remote; /* Run ping timer only if we have a remote address */

#define PING_UNDEF 0
#define PING_EXIT 1
#define PING_RESTART 2
    int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */

    bool persist_tun;       /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
    bool persist_local_ip;  /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
    bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
    bool persist_key;       /* Don't re-read key files on SIGUSR1 or PING_RESTART */

#if PASSTOS_CAPABILITY
    bool passtos;
#endif

    int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
    bool resolve_in_advance;
    const char *ip_remote_hint;

    struct tuntap_options tuntap_options;

    /* Misc parms */
    /* NOTE(review): username/groupname/chroot_dir are presumably the
     * privilege-drop and chroot targets (inferred from the names) - confirm
     * where they are applied relative to script execution and key loading. */
    const char *username;
    const char *groupname;
    const char *chroot_dir;
    const char *cd_dir;
#ifdef ENABLE_SELINUX
    char *selinux_context;
#endif
    const char *writepid;
    /* NOTE(review): the *_script members here and below hold user-supplied
     * hook commands (by name); user_script_used is a flag kept with them.
     * How and with what privileges they run is not visible in this header. */
    const char *up_script;
    const char *down_script;
    bool user_script_used;
    bool down_pre;
    bool up_delay;
    bool up_restart;
    bool daemon;

    int remap_sigusr1;

    /* inetd modes defined in socket.h */
    int inetd;

    bool log;
    bool suppress_timestamps;
    bool machine_readable_output;
    int nice;
    int verbosity;
    int mute;

#ifdef ENABLE_DEBUG
    int gremlin;
#endif

    const char *status_file;
    int status_file_version;
    int status_file_update_freq;

    /* optimize TUN/TAP/UDP writes */
    bool fast_io;

#ifdef USE_COMP
    struct compress_options comp;
#endif

    /* buffer sizes */
    int rcvbuf;
    int sndbuf;

    /* mark value */
    int mark;

    /* socket flags */
    unsigned int sockflags;

    /* route management */
    const char *route_script;
    const char *route_predown_script;
    const char *route_default_gateway;
    int route_default_metric;
    bool route_noexec;
    int route_delay;
    int route_delay_window;
    bool route_delay_defined;
    struct route_option_list *routes;
    struct route_ipv6_option_list *routes_ipv6; /* IPv6 */
    bool route_nopull;
    bool route_gateway_via_dhcp;
    bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
    struct client_nat_option_list *client_nat;

#ifdef ENABLE_OCC
    /* Enable options consistency check between peers */
    bool occ;
#endif

#ifdef ENABLE_MANAGEMENT
    const char *management_addr;
    const char *management_port;
    /* NOTE(review): by name, the source of the management-interface
     * password - confirm; treat what it refers to as a secret. */
    const char *management_user_pass;
    int management_log_history_cache;
    int management_echo_buffer_size;
    int management_state_buffer_size;
    const char *management_write_peer_info_file;

    const char *management_client_user;
    const char *management_client_group;

    /* Mask of MF_ values of manage.h */
    unsigned int management_flags;
    const char *management_certificate;
#endif

#ifdef ENABLE_PLUGIN
    struct plugin_option_list *plugin_list;
#endif



#if P2MP

#if P2MP_SERVER
    /* the tmp dir is for now only used in the P2P server context */
    const char *tmp_dir;
    bool server_defined;
    in_addr_t server_network;
    in_addr_t server_netmask;
    bool server_ipv6_defined;           /* IPv6 */
    struct in6_addr server_network_ipv6; /* IPv6 */
    unsigned int server_netbits_ipv6;   /* IPv6 */

#define SF_NOPOOL (1<<0)
#define SF_TCP_NODELAY_HELPER (1<<1)
#define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
    unsigned int server_flags;

    bool server_bridge_proxy_dhcp;

    bool server_bridge_defined;
    in_addr_t server_bridge_ip;
    in_addr_t server_bridge_netmask;
    in_addr_t server_bridge_pool_start;
    in_addr_t server_bridge_pool_end;

    /* Embedded struct, not a pointer (see PUSH_DEFINED in this header). */
    struct push_list push_list;
    bool ifconfig_pool_defined;
    in_addr_t ifconfig_pool_start;
    in_addr_t ifconfig_pool_end;
    in_addr_t ifconfig_pool_netmask;
    const char *ifconfig_pool_persist_filename;
    int ifconfig_pool_persist_refresh_freq;

    bool ifconfig_ipv6_pool_defined;         /* IPv6 */
    struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
    int ifconfig_ipv6_pool_netbits;          /* IPv6 */

    int real_hash_size;
    int virtual_hash_size;
    const char *client_connect_script;
    const char *client_disconnect_script;
    const char *learn_address_script;
    const char *client_config_dir;
    bool ccd_exclusive;
    bool disable;
    int n_bcast_buf;
    int tcp_queue_limit;
    struct iroute *iroutes;
    struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
    bool push_ifconfig_defined;
    in_addr_t push_ifconfig_local;
    in_addr_t push_ifconfig_remote_netmask;
    in_addr_t push_ifconfig_local_alias;
    bool push_ifconfig_constraint_defined;
    in_addr_t push_ifconfig_constraint_network;
    in_addr_t push_ifconfig_constraint_netmask;
    bool push_ifconfig_ipv4_blocked;           /* IPv4 */
    bool push_ifconfig_ipv6_defined;           /* IPv6 */
    struct in6_addr push_ifconfig_ipv6_local;  /* IPv6 */
    int push_ifconfig_ipv6_netbits;            /* IPv6 */
    struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
    bool push_ifconfig_ipv6_blocked;           /* IPv6 */
    bool enable_c2c;
    bool duplicate_cn;
    int cf_max;
    int cf_per;
    int max_clients;
    int max_routes_per_client;
    int stale_routes_check_interval;
    int stale_routes_ageing_time;

    /* NOTE(review): the _via_file flag presumably selects how credentials
     * reach the verify script (file vs. another channel) - confirm, and check
     * where that file is created and with what permissions. */
    const char *auth_user_pass_verify_script;
    bool auth_user_pass_verify_script_via_file;
    bool auth_token_generate;
    unsigned int auth_token_lifetime;
#if PORT_SHARE
    char *port_share_host;
    char *port_share_port;
    const char *port_share_journal_dir;
#endif
#endif /* if P2MP_SERVER */

    bool client;
    bool pull; /* client pull of config options from server */
    int push_continuation;
    unsigned int push_option_types_found;
    const char *auth_user_pass_file;
    struct options_pre_pull *pre_pull;

    int scheduled_exit_interval;

#ifdef ENABLE_CLIENT_CR
    struct static_challenge_info sc_info;
#endif
#endif /* if P2MP */

    /* Cipher parms */
    const char *shared_secret_file;
    const char *shared_secret_file_inline;
    int key_direction;
    const char *ciphername;
    bool ncp_enabled;
    const char *ncp_ciphers;
    const char *authname;
    int keysize;
    const char *prng_hash;
    int prng_nonce_secret_len;
    const char *engine;
    bool replay;
    bool mute_replay_warnings;
    int replay_window;
    int replay_time;
    const char *packet_id_file;
    bool test_crypto;
#ifdef ENABLE_PREDICTION_RESISTANCE
    bool use_prediction_resistance;
#endif

    /* TLS (control channel) parms */
    bool tls_server;
    bool tls_client;
    const char *ca_file;
    const char *ca_path;
    const char *dh_file;
    const char *cert_file;
    const char *extra_certs_file;
    const char *priv_key_file;
    const char *pkcs12_file;
    const char *cipher_list;
    const char *tls_cert_profile;
    const char *ecdh_curve;
    const char *tls_verify;
    int verify_x509_type;
    const char *verify_x509_name;
    const char *tls_export_cert;
    const char *crl_file;

    const char *ca_file_inline;
    const char *cert_file_inline;
    const char *extra_certs_file_inline;
    const char *crl_file_inline;
    /* The only *_inline member that is not const-qualified.
     * NOTE(review): presumably so the key text can be wiped in place after it
     * has been loaded - confirm in the code that consumes it. */
    char *priv_key_file_inline;
    const char *dh_file_inline;
    const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */

    int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
    unsigned remote_cert_ku[MAX_PARMS];
    const char *remote_cert_eku;
    /* NOTE(review): no length is stored with verify_hash; presumably it is
     * implied by verify_hash_algo - confirm before any compare or copy. */
    uint8_t *verify_hash;
    hash_algo_type verify_hash_algo;
    unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */

#ifdef ENABLE_PKCS11
    const char *pkcs11_providers[MAX_PARMS];
    unsigned pkcs11_private_mode[MAX_PARMS];
    bool pkcs11_protected_authentication[MAX_PARMS];
    bool pkcs11_cert_private[MAX_PARMS];
    int pkcs11_pin_cache_period;
    const char *pkcs11_id;
    bool pkcs11_id_management;
#endif

#ifdef ENABLE_CRYPTOAPI
    const char *cryptoapi_cert;
#endif

    /* data channel key exchange method */
    int key_method;

    /* Per-packet timeout on control channel */
    int tls_timeout;

    /* Data channel key renegotiation parameters */
    int renegotiate_bytes;
    int renegotiate_packets;
    int renegotiate_seconds;
    int renegotiate_seconds_min;

    /* Data channel key handshake must finalize
     * within n seconds of handshake initiation. */
    int handshake_window;

#ifdef ENABLE_X509ALTUSERNAME
    /* Field used to be the username in X509 cert. */
    char *x509_username_field;
#endif

    /* Old key allowed to live n seconds after new key goes active */
    int transition_window;

    /* Shared secret used for TLS control channel authentication */
    /* The same four tls_auth/tls_crypt members also exist in
     * struct connection_entry; which copy takes effect is decided outside
     * this header. */
    const char *tls_auth_file;
    const char *tls_auth_file_inline;

    /* Shared secret used for TLS control channel authenticated encryption */
    const char *tls_crypt_file;
    const char *tls_crypt_inline;

    /* Allow only one session */
    bool single_session;

    bool push_peer_info;

    bool tls_exit;

    const struct x509_track *x509_track;

    /* special state parms */
    int foreign_option_index;

#ifdef _WIN32
    HANDLE msg_channel;
    const char *exit_event_name;
    bool exit_event_initial_state;
    bool show_net_up;
    int route_method;
    bool block_outside_dns;
#endif

    bool use_peer_id;
    uint32_t peer_id;

#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000
    /* Keying Material Exporters [RFC 5705] */
    const char *keying_material_exporter_label;
    int keying_material_exporter_length;
#endif

    struct pull_filter_list *pull_filter_list;

    /* Useful when packets sent by openvpn itself are not subject
     * to the routing tables that would move packets into the tunnel. */
    bool allow_recursive_routing;
};
615
/*
 * String equality helper: true when strcmp() reports the two strings equal.
 * Both arguments go straight to strcmp(), so neither may be NULL; each is
 * expanded exactly once.  strcmp() stops at the first differing byte, so
 * this is not a constant-time comparison and is unsuitable for secrets.
 */
#define streq(x, y) (!strcmp((x), (y)))

/*
 * Option classes.
 *
 * One bit per class of option.  NOTE(review): presumably these are the bits
 * carried in the permission_mask and option_types_found arguments of the
 * parsing functions declared in this header - confirm in options.c.
 *
 * The constants are shifts of a signed int; the highest bit in use is 28.
 * A future (1<<31) would overflow a signed int, so move to unsigned
 * literals (1u<<n) if the list grows that far.
 */
#define OPT_P_GENERAL (1<<0)
#define OPT_P_UP (1<<1)
#define OPT_P_ROUTE (1<<2)
#define OPT_P_IPWIN32 (1<<3)
#define OPT_P_SCRIPT (1<<4)
#define OPT_P_SETENV (1<<5)
#define OPT_P_SHAPER (1<<6)
#define OPT_P_TIMER (1<<7)
#define OPT_P_PERSIST (1<<8)
#define OPT_P_PERSIST_IP (1<<9)
#define OPT_P_COMP (1<<10) /* TODO */
#define OPT_P_MESSAGES (1<<11)
#define OPT_P_NCP (1<<12) /**< Negotiable crypto parameters */
#define OPT_P_TLS_PARMS (1<<13) /* TODO */
#define OPT_P_MTU (1<<14) /* TODO */
#define OPT_P_NICE (1<<15)
#define OPT_P_PUSH (1<<16)
#define OPT_P_INSTANCE (1<<17)
#define OPT_P_CONFIG (1<<18)
#define OPT_P_EXPLICIT_NOTIFY (1<<19)
#define OPT_P_ECHO (1<<20)
#define OPT_P_INHERIT (1<<21)
#define OPT_P_ROUTE_EXTRAS (1<<22)
#define OPT_P_PULL_MODE (1<<23)
#define OPT_P_PLUGIN (1<<24)
#define OPT_P_SOCKBUF (1<<25)
#define OPT_P_SOCKFLAGS (1<<26)
#define OPT_P_CONNECTION (1<<27)
#define OPT_P_PEER_ID (1<<28)

/*
 * Every class except OPT_P_INSTANCE and OPT_P_PULL_MODE.  Because it is
 * built with ~, it also has every currently unassigned bit set, so a class
 * added later is included here automatically unless it is excluded
 * explicitly.
 */
#define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
6fbf66fa
JY
652
/*
 * Feature-test accessors.  Each macro reads the matching member of
 * struct options when the feature is compiled in and otherwise expands to a
 * constant (false, 0 or NULL), so callers need no #ifdef of their own.
 */
#if P2MP
#define PULL_DEFINED(opt) ((opt)->pull)
#if P2MP_SERVER
/*
 * NOTE(review): struct options declares push_list as an embedded
 * `struct push_list`, not a pointer or bool, so this expands to a struct
 * value and cannot be used directly as a condition.  Check how (and
 * whether) it is used.
 */
#define PUSH_DEFINED(opt) ((opt)->push_list)
#endif
#endif

#ifndef PULL_DEFINED
#define PULL_DEFINED(opt) (false)
#endif

#ifndef PUSH_DEFINED
#define PUSH_DEFINED(opt) (false)
#endif

#ifdef _WIN32
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

#ifdef ENABLE_FEATURE_SHAPER
#define SHAPER_DEFINED(opt) ((opt)->shaper)
#else
#define SHAPER_DEFINED(opt) (false)
#endif

#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif

/*
 * Yields the masked flag value (non-zero when MF_CLIENT_AUTH is set), not a
 * normalized 0/1.  NOTE(review): management_flags is declared under
 * ENABLE_MANAGEMENT while this macro is guarded by MANAGEMENT_DEF_AUTH;
 * presumably the latter implies the former - confirm.
 */
#ifdef MANAGEMENT_DEF_AUTH
#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
#else
#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
#endif
691
/*
 * Parse argc/argv into *options.
 *
 * permission_mask and option_types_found appear on every parsing entry point
 * in this header.  NOTE(review): presumably permission_mask is the set of
 * OPT_P_* classes the caller allows and *option_types_found receives the
 * classes actually encountered - confirm in options.c.
 */
void parse_argv(struct options *options,
                const int argc,
                char *argv[],
                const int msglevel,
                const unsigned int permission_mask,
                unsigned int *option_types_found,
                struct env_set *es);

/* NOTE(review): by name, reports a missing (NULL) argument using
 * `description` in the message - confirm whether it returns or exits. */
void notnull(const char *arg, const char *description);

void usage_small(void);

void show_library_versions(const unsigned int flags);

#ifdef _WIN32
void show_windows_version(const unsigned int flags);

#endif

/* Initialise *o; init_gc pairs with the gc/gc_owned members of the struct. */
void init_options(struct options *o, const bool init_gc);

void uninit_options(struct options *o);

void setenv_settings(struct env_set *es, const struct options *o);

/*
 * NOTE(review): struct options references key files, inline key material and
 * credential files; confirm that the settings dump does not emit their
 * contents.
 */
void show_settings(const struct options *o);

bool string_defined_equal(const char *s1, const char *s2);

#ifdef ENABLE_OCC

const char *options_string_version(const char *s, struct gc_arena *gc);

char *options_string(const struct options *o,
                     const struct frame *frame,
                     struct tuntap *tt,
                     bool remote,
                     struct gc_arena *gc);

/*
 * Compare / warn about an options string against the expected one.
 *
 * The _safe variants take the size of `actual` explicitly (actual_n); the
 * plain variants take no length.  `actual` is a non-const char *, so these
 * functions are permitted to modify it.
 * NOTE(review): presumably `actual` is the string received from the peer and
 * the plain variants require it to be NUL-terminated - confirm, and prefer
 * the _safe forms for data that came off the wire.
 */
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);

void options_warning_safe(char *actual, const char *expected, size_t actual_n);

bool options_cmp_equal(char *actual, const char *expected);

void options_warning(char *actual, const char *expected);

#endif
740
/**
 * Given an OpenVPN options string, extract the value of an option.
 *
 * @param options_string    Zero-terminated, comma-separated options string
 * @param opt_name          The name of the option to extract
 * @param gc                The gc to allocate the return value
 *
 * @return gc-allocated value of option with name opt_name if option was found,
 *         or NULL otherwise.
 */
char *options_string_extract_option(const char *options_string,
                                    const char *opt_name, struct gc_arena *gc);


void options_postprocess(struct options *options);

/* Save / restore the pre-pull state held in options->pre_pull
 * (struct options_pre_pull).  NOTE(review): inferred from the names and the
 * struct's own comment - confirm in options.c. */
void pre_pull_save(struct options *o);

void pre_pull_restore(struct options *o, struct gc_arena *gc);

/*
 * Apply the options contained in `buf` to *options.
 *
 * NOTE(review): by name, `buf` carries option text pushed by the remote
 * server, i.e. input that is less trusted than the local configuration.
 * permission_mask is then the control that limits which option classes such
 * input may set; confirm that callers never pass an unrestricted mask and
 * check what a false return means for partially applied options.
 */
bool apply_push_options(struct options *options,
                        struct buffer *buf,
                        unsigned int permission_mask,
                        unsigned int *option_types_found,
                        struct env_set *es);

void options_detach(struct options *o);

/* Import options from `filename` into *o, subject to permission_mask. */
void options_server_import(struct options *o,
                           const char *filename,
                           int msglevel,
                           unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);

void pre_pull_default(struct options *o);

void rol_check_alloc(struct options *options);

/*
 * Split one option line into parameters stored in p[].
 *
 * NOTE(review): n is presumably the capacity of p[], so the array passed in
 * must have at least n elements (see MAX_PARMS); the parsed strings are
 * presumably allocated from gc.  `file` and `line_num` look like context for
 * diagnostics.  Confirm all three in options.c.
 */
int parse_line(const char *line,
               char *p[],
               const int n,
               const char *file,
               const int line_num,
               int msglevel,
               struct gc_arena *gc);
6fbf66fa 787
/*
 * parse/print topology coding
 *
 * Convert between the textual form and the int stored in
 * options.topology (one of the TOP_x values from proto.h).
 */

int parse_topology(const char *str, const int msglevel);

const char *print_topology(const int topology);

/*
 * Manage auth-retry variable
 *
 * The accessors take no struct options argument, so the value is not a
 * member of that struct.  NOTE(review): presumably a single process-wide
 * setting - confirm in options.c.
 */

#if P2MP

#define AR_NONE 0
#define AR_INTERACT 1
#define AR_NOINTERACT 2

int auth_retry_get(void);

bool auth_retry_set(const int msglevel, const char *option);

const char *auth_retry_print(void);

#endif

/* Parse options held in the string `config` into *options, subject to
 * permission_mask; same trailing parameters as parse_argv(). */
void options_string_import(struct options *options,
                           const char *config,
                           const int msglevel,
                           const unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);

/*
 * Parse prefix_str into *network and *netbits.
 * NOTE(review): presumably "address/bits" notation with false returned on a
 * parse error; confirm that netbits is range-checked and whether the output
 * pointers may be NULL.
 */
bool get_ipv6_addr( const char *prefix_str, struct in6_addr *network,
                    unsigned int *netbits, int msglevel );
512cda46 823
4e9a51d7 824
81d882d5 825#endif /* ifndef OPTIONS_H */