1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
49979459 8 * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24/*
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
27 */
28
29#ifndef OPTIONS_H
30#define OPTIONS_H
31
32#include "basic.h"
33#include "common.h"
34#include "mtu.h"
35#include "route.h"
36#include "tun.h"
37#include "socket.h"
38#include "plugin.h"
39#include "manage.h"
40#include "proxy.h"
38d96bd7 41#include "comp.h"
3eee126e 42#include "pushlist.h"
581bef87 43#include "clinat.h"
2193d7c0 44#include "crypto_backend.h"
2193d7c0 45
46
/*
 * Maximum number of parameters associated with an option,
 * including the option name itself.
 *
 * Also sizes the per-option arrays in struct options (remote_cert_ku,
 * pkcs11_*, x509_username_field), so raising it grows those as well.
 */
#define MAX_PARMS 16

/*
 * Max size of options line and parameter.
 * Any code that copies a config line or a single parameter into a fixed
 * buffer is expected to bound the copy by these values.
 * NOTE(review): the parser that enforces them is not in this header --
 * confirm in options.c before relying on these as hard limits.
 */
#define OPTION_PARM_SIZE 256
#define OPTION_LINE_SIZE 256

/* Program banner string; defined in a .c file, not here. */
extern const char title_string[];
60
61#if P2MP
62
/* certain options are saved before --pull modifications are applied */
/*
 * Snapshot of the locally configured values that a server push may
 * overwrite.  Each *_defined flag presumably records whether the saved
 * copy next to it is valid (i.e. the user configured it at all), so the
 * restore path can tell "restore this" from "leave it unset" --
 * see pre_pull_save()/pre_pull_restore() below; their bodies are not
 * visible here.
 */
struct options_pre_pull
{
    bool tuntap_options_defined;
    struct tuntap_options tuntap_options;

    bool routes_defined;
    struct route_option_list *routes;

    bool routes_ipv6_defined;
    struct route_ipv6_option_list *routes_ipv6;

    bool client_nat_defined;
    struct client_nat_option_list *client_nat;

    /* mirrors struct options.foreign_option_index */
    int foreign_option_index;
};
80
253329a8 81#endif
/*
 * Build-time guard: struct options below uses crypto-backend types
 * (e.g. hash_algo_type from crypto_backend.h), so exactly which backend
 * is compiled in must be decided before this header is usable.
 */
#if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
#error "At least one of OpenSSL or mbed TLS needs to be defined."
#endif
85
/*
 * Parameters that are specific to one connection attempt (transport,
 * endpoints, proxies, MTU handling and the control-channel keys).
 * struct options embeds one of these as its default (`ce`) and keeps
 * further entries in a connection_list.
 */
struct connection_entry
{
    int proto;
    sa_family_t af;
    const char *local_port;
    bool local_port_defined;
    const char *remote_port;
    const char *local;
    const char *remote;
    bool remote_float;
    bool bind_defined;
    bool bind_ipv6_only;
    bool bind_local;
    int connect_retry_seconds;
    int connect_retry_seconds_max;
    int connect_timeout;
    struct http_proxy_options *http_proxy_options;
    const char *socks_proxy_server;
    const char *socks_proxy_port;
    /* Path of a file holding SOCKS credentials; presumably read at
     * connect time, so its permissions matter as much as a key file's. */
    const char *socks_proxy_authfile;

    int tun_mtu; /* MTU of tun device */
    bool tun_mtu_defined; /* true if user overriding parm with command line option */
    int tun_mtu_extra;
    bool tun_mtu_extra_defined;
    int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
    bool link_mtu_defined; /* true if user overriding parm with command line option */

    /* Advanced MTU negotiation and datagram fragmentation options */
    int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */

    int fragment; /* internal fragmentation size */
    int mssfix; /* Upper bound on TCP MSS */
    bool mssfix_default; /* true if --mssfix was supplied without a parameter */

    int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */

    /*
     * Bit layout of `flags`:
     *   bit 0      CE_DISABLED
     *   bit 1      CE_MAN_QUERY_PROXY
     *   bits 2..4  one of the CE_MAN_QUERY_REMOTE_* states, presumably
     *              stored as (state & MASK) << SHIFT (MASK 0x07 at SHIFT 2
     *              does not overlap bits 0-1).
     */
#define CE_DISABLED (1<<0)
#define CE_MAN_QUERY_PROXY (1<<1)
#define CE_MAN_QUERY_REMOTE_UNDEF 0
#define CE_MAN_QUERY_REMOTE_QUERY 1
#define CE_MAN_QUERY_REMOTE_ACCEPT 2
#define CE_MAN_QUERY_REMOTE_MOD 3
#define CE_MAN_QUERY_REMOTE_SKIP 4
#define CE_MAN_QUERY_REMOTE_MASK (0x07)
#define CE_MAN_QUERY_REMOTE_SHIFT (2)
    unsigned int flags;

    /* Shared secret used for TLS control channel authentication */
    const char *tls_auth_file;
    /* *_inline flags: presumably true when the key material was supplied
     * inline in the config (OPT_P_INLINE) rather than via a file path. */
    bool tls_auth_file_inline;
    int key_direction;

    /* Shared secret used for TLS control channel authenticated encryption */
    const char *tls_crypt_file;
    bool tls_crypt_file_inline;

    /* Client-specific secret or server key used for TLS control channel
     * authenticated encryption v2 */
    const char *tls_crypt_v2_file;
    bool tls_crypt_v2_file_inline;
};
148
/*
 * One --remote endpoint: host, port, transport protocol and address
 * family.  Lighter than connection_entry; collected in remote_list.
 */
struct remote_entry
{
    const char *remote;
    const char *remote_port;
    int proto;
    sa_family_t af;
};
156
157#define CONNECTION_LIST_SIZE 64
158
159struct connection_list
160{
81d882d5
DS
161 int len;
162 int current;
163 struct connection_entry *array[CONNECTION_LIST_SIZE];
4e9a51d7
JY
164};
165
/*
 * Set of --remote endpoints, same fixed capacity as connection_list.
 * NOTE(review): appends must be bounded by CONNECTION_LIST_SIZE; the
 * check lives outside this header.
 */
struct remote_list
{
    int len;
    struct remote_entry *array[CONNECTION_LIST_SIZE];
};
171
/* Which 802.1Q frames the TAP side accepts; stored in options.vlan_accept. */
enum vlan_acceptable_frames
{
    VLAN_ONLY_TAGGED,
    VLAN_ONLY_UNTAGGED_OR_PRIORITY,
    VLAN_ALL,
};
178
/*
 * Fixed-size storage for a remote host/port pair (options.rh_store).
 * Both members are plain char arrays: writers must bound the copy by
 * RH_HOST_LEN / RH_PORT_LEN and guarantee NUL termination (snprintf-style),
 * since nothing in this header does it for them.
 */
struct remote_host_store
{
#define RH_HOST_LEN 80
    char host[RH_HOST_LEN];
#define RH_PORT_LEN 20
    char port[RH_PORT_LEN];
};
54561af6 186
/* Kind of key material --genkey should produce; see options.genkey_type. */
enum genkey_type {
    GENKEY_SECRET,
    GENKEY_TLS_CRYPTV2_CLIENT,
    GENKEY_TLS_CRYPTV2_SERVER,
    GENKEY_AUTH_TOKEN
};
193
/* Command line options */
/*
 * Everything parsed from the command line, config files and (for clients)
 * from server pushes.  String members are pointers into `gc`; whether the
 * struct owns that arena is recorded in `gc_owned`.  Most of the
 * security-relevant state lives here: privilege drop targets, key and
 * credential paths, peer verification settings and the pull filter.
 */
struct options
{
    struct gc_arena gc;
    bool gc_owned;

    /* first config file */
    const char *config;

    /* major mode */
#define MODE_POINT_TO_POINT 0
#define MODE_SERVER 1
    int mode;

    /* enable forward compatibility for post-2.1 features */
    bool forward_compatible;
    /* list of options that should be ignored even if unknown */
    const char **ignore_unknown_option;

    /* persist parms */
    bool persist_config;
    int persist_mode;

    const char *key_pass_file;
    bool show_ciphers;
    bool show_digests;
    bool show_engines;
    bool show_tls_ciphers;
    bool show_curves;
    bool genkey;
    enum genkey_type genkey_type;
    const char *genkey_filename;
    const char *genkey_extra_data;

    /* Networking parms */
    int connect_retry_max;
    struct connection_entry ce;
    struct connection_list *connection_list;

    struct remote_list *remote_list;
    /* Do not advance the connection or remote addr list */
    bool no_advance;
    /* Counts the number of unsuccessful connection attempts */
    unsigned int unsuccessful_attempts;

    /* NOTE(review): this guard uses #if while the other ENABLE_MANAGEMENT
     * guards in this struct use #ifdef; the two agree only if the macro
     * is always defined with a non-zero value. */
#if ENABLE_MANAGEMENT
    struct http_proxy_options *http_proxy_override;
#endif

    struct remote_host_store *rh_store;

    bool remote_random;
    const char *ipchange;
    const char *dev;
    const char *dev_type;
    const char *dev_node;
    const char *lladdr;
    int topology; /* one of the TOP_x values from proto.h */
    const char *ifconfig_local;
    const char *ifconfig_remote_netmask;
    const char *ifconfig_ipv6_local;
    int ifconfig_ipv6_netbits;
    const char *ifconfig_ipv6_remote;
    bool ifconfig_noexec;
    bool ifconfig_nowarn;
#ifdef ENABLE_FEATURE_SHAPER
    int shaper;
#endif

    int proto_force;

    bool mtu_test;

#ifdef ENABLE_MEMSTATS
    char *memstats_fn;
#endif

    /* presumably --mlock: keep key material out of swap */
    bool mlock;

    int keepalive_ping; /* a proxy for ping/ping-restart */
    int keepalive_timeout;

    int inactivity_timeout; /* --inactive */
    int inactivity_minimum_bytes;

    int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
    int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
    bool ping_timer_remote; /* Run ping timer only if we have a remote address */

#define PING_UNDEF 0
#define PING_EXIT 1
#define PING_RESTART 2
    int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */

    bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
    bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
    bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
    bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */

#if PASSTOS_CAPABILITY
    bool passtos;
#endif

    int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
    bool resolve_in_advance;
    const char *ip_remote_hint;

    struct tuntap_options tuntap_options;

    /* Misc parms */
    /* Privilege-reduction targets (presumably --user/--group/--chroot);
     * the point at which they are applied is not visible here. */
    const char *username;
    const char *groupname;
    const char *chroot_dir;
    const char *cd_dir;
#ifdef ENABLE_SELINUX
    char *selinux_context;
#endif
    const char *writepid;
    /* External scripts run by openvpn; their paths come from config,
     * so config-file trust equals code-execution trust. */
    const char *up_script;
    const char *down_script;
    bool user_script_used;
    bool down_pre;
    bool up_delay;
    bool up_restart;
    bool daemon;

    int remap_sigusr1;

    bool log;
    bool suppress_timestamps;
    bool machine_readable_output;
    int nice;
    int verbosity;
    int mute;

#ifdef ENABLE_DEBUG
    int gremlin;
#endif

    const char *status_file;
    int status_file_version;
    int status_file_update_freq;

    /* optimize TUN/TAP/UDP writes */
    bool fast_io;

#ifdef USE_COMP
    struct compress_options comp;
#endif

    /* buffer sizes */
    int rcvbuf;
    int sndbuf;

    /* mark value */
    int mark;
    char *bind_dev;

    /* socket flags */
    unsigned int sockflags;

    /* route management */
    const char *route_script;
    const char *route_predown_script;
    const char *route_default_gateway;
    const char *route_ipv6_default_gateway;
    int route_default_metric;
    bool route_noexec;
    int route_delay;
    int route_delay_window;
    bool route_delay_defined;
    struct route_option_list *routes;
    struct route_ipv6_option_list *routes_ipv6; /* IPv6 */
    bool block_ipv6;
    /* presumably --route-nopull: ignore routes pushed by the server */
    bool route_nopull;
    bool route_gateway_via_dhcp;
    bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
    struct client_nat_option_list *client_nat;

    /* Enable options consistency check between peers */
    bool occ;

#ifdef ENABLE_MANAGEMENT
    const char *management_addr;
    const char *management_port;
    /* presumably a credentials file for the management interface */
    const char *management_user_pass;
    int management_log_history_cache;
    int management_echo_buffer_size;
    int management_state_buffer_size;
    const char *management_write_peer_info_file;

    const char *management_client_user;
    const char *management_client_group;

    /* Mask of MF_ values of manage.h */
    unsigned int management_flags;
    const char *management_certificate;
#endif

#ifdef ENABLE_PLUGIN
    struct plugin_option_list *plugin_list;
#endif



#if P2MP

    /* the tmp dir is for now only used in the P2P server context */
    const char *tmp_dir;
    bool server_defined;
    in_addr_t server_network;
    in_addr_t server_netmask;
    bool server_ipv6_defined; /* IPv6 */
    struct in6_addr server_network_ipv6; /* IPv6 */
    unsigned int server_netbits_ipv6; /* IPv6 */

#define SF_NOPOOL (1<<0)
#define SF_TCP_NODELAY_HELPER (1<<1)
#define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
    unsigned int server_flags;

    bool server_bridge_proxy_dhcp;

    bool server_bridge_defined;
    in_addr_t server_bridge_ip;
    in_addr_t server_bridge_netmask;
    in_addr_t server_bridge_pool_start;
    in_addr_t server_bridge_pool_end;

    struct push_list push_list;
    bool ifconfig_pool_defined;
    in_addr_t ifconfig_pool_start;
    in_addr_t ifconfig_pool_end;
    in_addr_t ifconfig_pool_netmask;
    const char *ifconfig_pool_persist_filename;
    int ifconfig_pool_persist_refresh_freq;

    bool ifconfig_ipv6_pool_defined; /* IPv6 */
    struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
    int ifconfig_ipv6_pool_netbits; /* IPv6 */

    int real_hash_size;
    int virtual_hash_size;
    const char *client_connect_script;
    const char *client_disconnect_script;
    const char *learn_address_script;
    const char *client_config_dir;
    /* presumably --ccd-exclusive: refuse clients without a ccd file */
    bool ccd_exclusive;
    bool disable;
    int n_bcast_buf;
    int tcp_queue_limit;
    struct iroute *iroutes;
    struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
    bool push_ifconfig_defined;
    in_addr_t push_ifconfig_local;
    in_addr_t push_ifconfig_remote_netmask;
    in_addr_t push_ifconfig_local_alias;
    bool push_ifconfig_constraint_defined;
    in_addr_t push_ifconfig_constraint_network;
    in_addr_t push_ifconfig_constraint_netmask;
    bool push_ifconfig_ipv4_blocked; /* IPv4 */
    bool push_ifconfig_ipv6_defined; /* IPv6 */
    struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
    int push_ifconfig_ipv6_netbits; /* IPv6 */
    struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
    bool push_ifconfig_ipv6_blocked; /* IPv6 */
    bool enable_c2c;
    /* presumably --duplicate-cn: allow several clients to share one cert */
    bool duplicate_cn;
    int cf_max;
    int cf_per;
    int max_clients;
    int max_routes_per_client;
    int stale_routes_check_interval;
    int stale_routes_ageing_time;

    const char *auth_user_pass_verify_script;
    bool auth_user_pass_verify_script_via_file;
    bool auth_token_generate;
    bool auth_token_gen_secret_file;
    bool auth_token_call_auth;
    int auth_token_lifetime;
    const char *auth_token_secret_file;
    bool auth_token_secret_file_inline;

#if PORT_SHARE
    char *port_share_host;
    char *port_share_port;
    const char *port_share_journal_dir;
#endif

    bool client;
    bool pull; /* client pull of config options from server */
    int push_continuation;
    /* OPT_P_* classes seen so far in pushed options */
    unsigned int push_option_types_found;
    /* presumably a credentials file; protect it like a private key */
    const char *auth_user_pass_file;
    struct options_pre_pull *pre_pull;

    int scheduled_exit_interval;

#ifdef ENABLE_MANAGEMENT
    struct static_challenge_info sc_info;
#endif
#endif /* if P2MP */

    /* Cipher parms */
    const char *shared_secret_file;
    bool shared_secret_file_inline;
    int key_direction;
    const char *ciphername;
    bool enable_ncp_fallback; /**< If defined fall back to
                               * ciphername if NCP fails */
    bool ncp_enabled;
    const char *ncp_ciphers;
    const char *authname;
    int keysize;
    const char *prng_hash;
    int prng_nonce_secret_len;
    const char *engine;
    /* Data-channel replay protection and its window.
     * NOTE(review): turning `replay` off presumably removes anti-replay
     * for the data channel; treat as a debugging knob only. */
    bool replay;
    bool mute_replay_warnings;
    int replay_window;
    int replay_time;
    const char *packet_id_file;
    bool test_crypto;
#ifdef ENABLE_PREDICTION_RESISTANCE
    bool use_prediction_resistance;
#endif

    /* TLS (control channel) parms */
    bool tls_server;
    bool tls_client;
    const char *ca_file;
    bool ca_file_inline;
    const char *ca_path;
    const char *dh_file;
    bool dh_file_inline;
    const char *cert_file;
    bool cert_file_inline;
    const char *extra_certs_file;
    bool extra_certs_file_inline;
    const char *priv_key_file;
    bool priv_key_file_inline;
    const char *pkcs12_file;
    bool pkcs12_file_inline;
    const char *cipher_list;
    const char *cipher_list_tls13;
    const char *tls_groups;
    const char *tls_cert_profile;
    const char *ecdh_curve;
    const char *tls_verify;
    /* Peer certificate identity check (type + expected name) */
    int verify_x509_type;
    const char *verify_x509_name;
    const char *tls_export_cert;
    const char *crl_file;
    bool crl_file_inline;

    int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
    unsigned remote_cert_ku[MAX_PARMS];
    const char *remote_cert_eku;
    /* Expected peer certificate fingerprint and the digest used for it */
    uint8_t *verify_hash;
    hash_algo_type verify_hash_algo;
    unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */

#ifdef ENABLE_PKCS11
    const char *pkcs11_providers[MAX_PARMS];
    unsigned pkcs11_private_mode[MAX_PARMS];
    bool pkcs11_protected_authentication[MAX_PARMS];
    bool pkcs11_cert_private[MAX_PARMS];
    int pkcs11_pin_cache_period;
    const char *pkcs11_id;
    bool pkcs11_id_management;
#endif

#ifdef ENABLE_CRYPTOAPI
    const char *cryptoapi_cert;
#endif
    /* Per-packet timeout on control channel */
    int tls_timeout;

    /* Data channel key renegotiation parameters */
    int renegotiate_bytes;
    int renegotiate_packets;
    int renegotiate_seconds;
    int renegotiate_seconds_min;

    /* Data channel key handshake must finalize
     * within n seconds of handshake initiation. */
    int handshake_window;

#ifdef ENABLE_X509ALTUSERNAME
    /* Field list used to be the username in X509 cert. */
    char *x509_username_field[MAX_PARMS];
#endif

    /* Old key allowed to live n seconds after new key goes active */
    int transition_window;

    /* Shared secret used for TLS control channel authentication */
    const char *tls_auth_file;
    bool tls_auth_file_inline;

    /* Shared secret used for TLS control channel authenticated encryption */
    const char *tls_crypt_file;
    bool tls_crypt_file_inline;

    /* Client-specific secret or server key used for TLS control channel
     * authenticated encryption v2 */
    const char *tls_crypt_v2_file;
    bool tls_crypt_v2_file_inline;

    const char *tls_crypt_v2_metadata;

    const char *tls_crypt_v2_verify_script;

    /* Allow only one session */
    bool single_session;

    bool push_peer_info;

    bool tls_exit;

    const struct x509_track *x509_track;

    /* special state parms */
    int foreign_option_index;

#ifdef _WIN32
    HANDLE msg_channel;
    const char *exit_event_name;
    bool exit_event_initial_state;
    bool show_net_up;
    int route_method;
    bool block_outside_dns;
    enum windows_driver_type windows_driver;
#endif

    bool use_peer_id;
    uint32_t peer_id;

#ifdef HAVE_EXPORT_KEYING_MATERIAL
    /* Keying Material Exporters [RFC 5705] */
    const char *keying_material_exporter_label;
    int keying_material_exporter_length;
#endif

    bool vlan_tagging;
    enum vlan_acceptable_frames vlan_accept;
    uint16_t vlan_pvid;

    /* Client-side filter applied to options pushed by the server
     * (presumably --pull-filter); the one knob limiting what a server
     * may change on a client. */
    struct pull_filter_list *pull_filter_list;

    /* Useful when packets sent by openvpn itself are not subject
     * to the routing tables that would move packets into the tunnel. */
    bool allow_recursive_routing;

    /* Use RFC5705 key export to generate data channel keys */
    bool data_channel_use_ekm;
};
652
/*
 * True iff the two NUL-terminated strings are byte-for-byte equal.
 * Both arguments must be non-NULL (strcmp on NULL is undefined).
 * Not constant-time: never use it to compare secrets such as passwords,
 * auth tokens or key material.
 */
#define streq(x, y) (strcmp((x), (y)) == 0)
654
/*
 * Option classes.
 *
 * Each option is tagged with one or more of these bits.  The
 * permission_mask arguments of parse_argv()/apply_push_options()/
 * options_server_import()/options_string_import() and the
 * option_types_found accumulators (e.g. options.push_option_types_found)
 * are masks over them.
 *
 * Bits 0..29 are allocated and every holder is an `unsigned int`, so at
 * most two more classes fit before the mask type has to be widened.
 */
#define OPT_P_GENERAL (1<<0)
#define OPT_P_UP (1<<1)
#define OPT_P_ROUTE (1<<2)
#define OPT_P_IPWIN32 (1<<3)
#define OPT_P_SCRIPT (1<<4)
#define OPT_P_SETENV (1<<5)
#define OPT_P_SHAPER (1<<6)
#define OPT_P_TIMER (1<<7)
#define OPT_P_PERSIST (1<<8)
#define OPT_P_PERSIST_IP (1<<9)
#define OPT_P_COMP (1<<10) /* TODO */
#define OPT_P_MESSAGES (1<<11)
#define OPT_P_NCP (1<<12) /**< Negotiable crypto parameters */
#define OPT_P_TLS_PARMS (1<<13) /* TODO */
#define OPT_P_MTU (1<<14) /* TODO */
#define OPT_P_NICE (1<<15)
#define OPT_P_PUSH (1<<16)
#define OPT_P_INSTANCE (1<<17) /**< allowed in ccd, client-connect etc*/
#define OPT_P_CONFIG (1<<18)
#define OPT_P_EXPLICIT_NOTIFY (1<<19)
#define OPT_P_ECHO (1<<20)
#define OPT_P_INHERIT (1<<21)
#define OPT_P_ROUTE_EXTRAS (1<<22)
#define OPT_P_PULL_MODE (1<<23)
#define OPT_P_PLUGIN (1<<24)
#define OPT_P_SOCKBUF (1<<25)
#define OPT_P_SOCKFLAGS (1<<26)
#define OPT_P_CONNECTION (1<<27)
#define OPT_P_PEER_ID (1<<28)
#define OPT_P_INLINE (1<<29)

/* Every class except the per-instance and pull-mode-only ones. */
#define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
690
/*
 * Feature-dependent accessors with a constant fallback when the feature
 * is compiled out, so callers need no #ifdefs of their own.
 */
#if P2MP
#define PULL_DEFINED(opt) ((opt)->pull)
/* NOTE(review): options.push_list is a struct, not a pointer, so this
 * expands to a non-scalar and cannot be used in a boolean context; it
 * appears to be a leftover.  Confirm there are no callers before touching. */
#define PUSH_DEFINED(opt) ((opt)->push_list)
#endif

#ifndef PULL_DEFINED
#define PULL_DEFINED(opt) (false)
#endif

#ifndef PUSH_DEFINED
#define PUSH_DEFINED(opt) (false)
#endif

#ifdef _WIN32
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

#ifdef ENABLE_FEATURE_SHAPER
#define SHAPER_DEFINED(opt) ((opt)->shaper)
#else
#define SHAPER_DEFINED(opt) (false)
#endif

#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif

#ifdef ENABLE_MANAGEMENT
#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
#else
#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
#endif
727
/*
 * Parse command-line arguments into *options.
 * permission_mask is a mask of OPT_P_* classes the caller allows;
 * option_types_found presumably accumulates the classes actually seen.
 */
void parse_argv(struct options *options,
                const int argc,
                char *argv[],
                const int msglevel,
                const unsigned int permission_mask,
                unsigned int *option_types_found,
                struct env_set *es);

void notnull(const char *arg, const char *description);

void usage_small(void);

void show_library_versions(const unsigned int flags);

#ifdef _WIN32
void show_windows_version(const unsigned int flags);

#endif

/* init_gc: whether the struct should own (and later free) its gc arena. */
void init_options(struct options *o, const bool init_gc);

void uninit_options(struct options *o);

void setenv_settings(struct env_set *es, const struct options *o);

void show_settings(const struct options *o);

bool string_defined_equal(const char *s1, const char *s2);

const char *options_string_version(const char *s, struct gc_arena *gc);

char *options_string(const struct options *o,
                     const struct frame *frame,
                     struct tuntap *tt,
                     openvpn_net_ctx_t *ctx,
                     bool remote,
                     struct gc_arena *gc);

/*
 * Compare a peer-supplied options string against the expected one.
 * `actual` is not const -- NOTE(review): the implementation may modify it
 * in place; do not pass a buffer that must be preserved.  The *_safe
 * variants take an explicit length bound for `actual`.
 */
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);

void options_warning_safe(char *actual, const char *expected, size_t actual_n);

bool options_cmp_equal(char *actual, const char *expected);

void options_warning(char *actual, const char *expected);

/**
 * Given an OpenVPN options string, extract the value of an option.
 *
 * @param options_string Zero-terminated, comma-separated options string
 * @param opt_name The name of the option to extract
 * @param gc The gc to allocate the return value
 *
 * @return gc-allocated value of option with name opt_name if option was found,
 * or NULL otherwise.
 */
char *options_string_extract_option(const char *options_string,
                                    const char *opt_name, struct gc_arena *gc);


void options_postprocess(struct options *options);

void pre_pull_save(struct options *o);

void pre_pull_restore(struct options *o, struct gc_arena *gc);

/*
 * Apply options pushed by the peer.  buf is presumably peer-controlled,
 * which makes permission_mask the trust boundary here: it should be the
 * narrow pull-side set of OPT_P_* classes, never OPT_P_DEFAULT.
 */
bool apply_push_options(struct options *options,
                        struct buffer *buf,
                        unsigned int permission_mask,
                        unsigned int *option_types_found,
                        struct env_set *es);

void options_detach(struct options *o);

/*
 * Import options from a file (e.g. a per-client config); permission_mask
 * presumably bounds which OPT_P_* classes the file may set.
 */
void options_server_import(struct options *o,
                           const char *filename,
                           int msglevel,
                           unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);

void pre_pull_default(struct options *o);

void rol_check_alloc(struct options *options);

/*
 * Split one config line into at most n parameters stored in p[].
 * file/line_num are for diagnostics.  Returns the parameter count
 * (presumably; the sign of error returns is not visible here).
 */
int parse_line(const char *line,
               char *p[],
               const int n,
               const char *file,
               const int line_num,
               int msglevel,
               struct gc_arena *gc);

/*
 * parse/print topology coding
 */

int parse_topology(const char *str, const int msglevel);

const char *print_topology(const int topology);

/*
 * Manage auth-retry variable
 */

#if P2MP

#define AR_NONE 0
#define AR_INTERACT 1
#define AR_NOINTERACT 2

int auth_retry_get(void);

bool auth_retry_set(const int msglevel, const char *option);

const char *auth_retry_print(void);

#endif

/*
 * Import options from an in-memory config string; same permission_mask
 * semantics as options_server_import().
 */
void options_string_import(struct options *options,
                           const char *config,
                           const int msglevel,
                           const unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);
3c7f2f55 853
81d882d5 854#endif /* ifndef OPTIONS_H */