1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
58716979 8 * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24/*
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
27 */
28
29#ifndef OPTIONS_H
30#define OPTIONS_H
31
32#include "basic.h"
33#include "common.h"
34#include "mtu.h"
35#include "route.h"
36#include "tun.h"
37#include "socket.h"
38#include "plugin.h"
39#include "manage.h"
40#include "proxy.h"
38d96bd7 41#include "comp.h"
3eee126e 42#include "pushlist.h"
581bef87 43#include "clinat.h"
44#ifdef ENABLE_CRYPTO
45#include "crypto_backend.h"
46#endif
47
48
/*
 * Maximum number of parameters associated with an option,
 * including the option name itself.
 *
 * This header also uses it as the element count of several per-option
 * arrays in struct options (remote_cert_ku, pkcs11_*).
 */
#define MAX_PARMS 16

/*
 * Max size of options line and parameter.
 *
 * NOTE(review): code that fills buffers of these sizes has to reject or
 * truncate longer input; those checks are not visible in this header.
 */
#define OPTION_PARM_SIZE 256
#define OPTION_LINE_SIZE 256

/* Declared here only; the definition lives in another translation unit. */
extern const char title_string[];
62
63#if P2MP
64
/*
 * Certain options are saved before --pull modifications are applied.
 *
 * Every saved value is paired with a *_defined flag.
 * NOTE(review): presumably the flag records whether the snapshot holds a
 * value to put back -- confirm against pre_pull_save()/pre_pull_restore().
 */
struct options_pre_pull
{
    bool tuntap_options_defined;
    struct tuntap_options tuntap_options;       /* kept by value */

    bool routes_defined;
    struct route_option_list *routes;           /* kept as a pointer; owner not visible here */

    bool routes_ipv6_defined;
    struct route_ipv6_option_list *routes_ipv6; /* kept as a pointer; owner not visible here */

    bool client_nat_defined;
    struct client_nat_option_list *client_nat;  /* kept as a pointer; owner not visible here */

    /* mirrors the member of the same name in struct options */
    int foreign_option_index;
};
82
253329a8 83#endif
/*
 * Build-time check: when ENABLE_CRYPTO is set, one of the two crypto
 * backends has to be selected too, otherwise compilation stops here
 * instead of producing a build without a usable crypto library.
 */
#if defined(ENABLE_CRYPTO) && !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
#error "At least one of OpenSSL or mbed TLS needs to be defined."
#endif
87
/*
 * Settings that belong to one connection: local/remote endpoint, retry
 * timing, proxy parameters, MTU values and a flags word.
 *
 * All string members are pointers; the header does not show who owns the
 * storage they point to.
 */
struct connection_entry
{
    int proto;
    sa_family_t af;
    const char *local_port;
    bool local_port_defined;
    const char *remote_port;
    const char *local;
    const char *remote;
    bool remote_float;
    bool bind_defined;
    bool bind_ipv6_only;
    bool bind_local;
    int connect_retry_seconds;
    int connect_retry_seconds_max;
    int connect_timeout;
    struct http_proxy_options *http_proxy_options;
    const char *socks_proxy_server;
    const char *socks_proxy_port;
    /* NOTE(review): presumably the path of a file holding SOCKS credentials;
     * confirm, and confirm how its permissions are checked. */
    const char *socks_proxy_authfile;

    int tun_mtu;                /* MTU of tun device */
    bool tun_mtu_defined;       /* true if user overriding parm with command line option */
    int tun_mtu_extra;
    bool tun_mtu_extra_defined;
    int link_mtu;               /* MTU of device over which tunnel packets pass via TCP/UDP */
    bool link_mtu_defined;      /* true if user overriding parm with command line option */

    /* Advanced MTU negotiation and datagram fragmentation options */
    int mtu_discover_type;      /* used if OS supports setting Path MTU discovery options on socket */

    int fragment;               /* internal fragmentation size */
    int mssfix;                 /* Upper bound on TCP MSS */
    bool mssfix_default;        /* true if --mssfix was supplied without a parameter */

    int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */

    /*
     * Values for the flags member below.  CE_DISABLED and CE_MAN_QUERY_PROXY
     * are single bits (0 and 1).  The CE_MAN_QUERY_REMOTE_* values are small
     * integers, not bits.
     * NOTE(review): with MASK 0x07 and SHIFT 2 they are presumably stored in
     * bits 2..4 of flags -- confirm at the places that read and write them.
     */
#define CE_DISABLED (1<<0)
#define CE_MAN_QUERY_PROXY (1<<1)
#define CE_MAN_QUERY_REMOTE_UNDEF  0
#define CE_MAN_QUERY_REMOTE_QUERY  1
#define CE_MAN_QUERY_REMOTE_ACCEPT 2
#define CE_MAN_QUERY_REMOTE_MOD    3
#define CE_MAN_QUERY_REMOTE_SKIP   4
#define CE_MAN_QUERY_REMOTE_MASK   (0x07)
#define CE_MAN_QUERY_REMOTE_SHIFT  (2)
    unsigned int flags;
};
136
/*
 * One remote endpoint: host, port, protocol and address family.
 * The member names and types match the corresponding members of
 * struct connection_entry.
 */
struct remote_entry
{
    const char *remote;
    const char *remote_port;
    int proto;
    sa_family_t af;
};
144
/* Capacity of the fixed-size pointer arrays in connection_list and remote_list. */
#define CONNECTION_LIST_SIZE 64

/*
 * Fixed-capacity list of connection entries.
 *
 * NOTE(review): len and current are plain ints and array has exactly
 * CONNECTION_LIST_SIZE slots, so every writer must check
 * len < CONNECTION_LIST_SIZE before storing and every reader must keep
 * current inside [0, len).  Those checks are not visible in this header.
 */
struct connection_list
{
    int len;
    int current;
    struct connection_entry *array[CONNECTION_LIST_SIZE];
};
153
/*
 * Fixed-capacity list of remote entries.
 *
 * NOTE(review): array has CONNECTION_LIST_SIZE slots; code that appends
 * must check len against that bound first (not visible in this header).
 */
struct remote_list
{
    int len;
    struct remote_entry *array[CONNECTION_LIST_SIZE];
};
159
/*
 * Inline storage for a host name and a port string.
 *
 * NOTE(review): both buffers are fixed-size char arrays.  Code that copies
 * into them has to bound the copy to RH_HOST_LEN / RH_PORT_LEN and leave
 * room for the terminating NUL; the copying code is not in this header.
 */
struct remote_host_store
{
#define RH_HOST_LEN 80
    char host[RH_HOST_LEN];
#define RH_PORT_LEN 20
    char port[RH_PORT_LEN];
};
54561af6 167
/*
 * Command line options
 *
 * One aggregate holding every setting.  Many members exist only under the
 * feature macro that guards them, so the layout of this struct depends on
 * the build configuration; all translation units that touch it must be
 * compiled with the same set of macros.
 *
 * Most string members are "const char *"; the header does not show who
 * owns the pointed-to storage (the gc member is the only allocator visible
 * here -- presumably the strings live in it, confirm in options.c).
 */
struct options
{
    struct gc_arena gc;
    bool gc_owned;

    /* first config file */
    const char *config;

    /* major mode */
#define MODE_POINT_TO_POINT 0
#define MODE_SERVER         1
    int mode;

    /* enable forward compatibility for post-2.1 features */
    bool forward_compatible;
    /* list of options that should be ignored even if unknown */
    const char **ignore_unknown_option;

    /* persist parms */
    bool persist_config;
    int persist_mode;

#ifdef ENABLE_CRYPTO
    /* NOTE(review): presumably the path of a file holding the private-key
     * passphrase -- confirm, and confirm how file permissions are checked. */
    const char *key_pass_file;
    bool show_ciphers;
    bool show_digests;
    bool show_engines;
    bool show_tls_ciphers;
    bool show_curves;
    bool genkey;
#endif

    /* Networking parms */
    int connect_retry_max;
    struct connection_entry ce;
    struct connection_list *connection_list;

    struct remote_list *remote_list;
    /* Do not advance the connection or remote addr list */
    bool no_advance;
    /* Counts the number of unsuccessful connection attempts */
    unsigned int unsuccessful_attempts;

    /* NOTE(review): this guard is "#if" while the management block further
     * down uses "#ifdef"; the two behave differently when the macro is
     * defined as 0 or defined empty. */
#if ENABLE_MANAGEMENT
    struct http_proxy_options *http_proxy_override;
#endif

    struct remote_host_store *rh_store;

    bool remote_random;
    const char *ipchange;
    const char *dev;
    const char *dev_type;
    const char *dev_node;
    const char *lladdr;
    int topology; /* one of the TOP_x values from proto.h */
    const char *ifconfig_local;
    const char *ifconfig_remote_netmask;
    const char *ifconfig_ipv6_local;
    int ifconfig_ipv6_netbits;
    const char *ifconfig_ipv6_remote;
    bool ifconfig_noexec;
    bool ifconfig_nowarn;
#ifdef ENABLE_FEATURE_SHAPER
    int shaper;
#endif

    int proto_force;

#ifdef ENABLE_OCC
    bool mtu_test;
#endif

#ifdef ENABLE_MEMSTATS
    char *memstats_fn;
#endif

    bool mlock;

    int keepalive_ping;         /* a proxy for ping/ping-restart */
    int keepalive_timeout;

    int inactivity_timeout;     /* --inactive */
    int inactivity_minimum_bytes;

    int ping_send_timeout;      /* Send a TCP/UDP ping to remote every n seconds */
    int ping_rec_timeout;       /* Expect a TCP/UDP ping from remote at least once every n seconds */
    bool ping_timer_remote;     /* Run ping timer only if we have a remote address */

#define PING_UNDEF   0
#define PING_EXIT    1
#define PING_RESTART 2
    int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */

    bool persist_tun;           /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
    bool persist_local_ip;      /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
    bool persist_remote_ip;     /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
    bool persist_key;           /* Don't re-read key files on SIGUSR1 or PING_RESTART */

#if PASSTOS_CAPABILITY
    bool passtos;
#endif

    int resolve_retry_seconds;  /* If hostname resolve fails, retry for n seconds */
    bool resolve_in_advance;
    const char *ip_remote_hint;

    struct tuntap_options tuntap_options;

    /* Misc parms */
    /* NOTE(review): username, groupname and chroot_dir presumably drive the
     * privilege drop after start-up -- confirm where they are consumed. */
    const char *username;
    const char *groupname;
    const char *chroot_dir;
    const char *cd_dir;
#ifdef ENABLE_SELINUX
    char *selinux_context;
#endif
    const char *writepid;
    /* NOTE(review): the *_script members here and below hold script
     * settings taken from configuration; presumably they end up being
     * executed, so the sources allowed to set them matter -- confirm
     * against the permission mask handling in options.c. */
    const char *up_script;
    const char *down_script;
    bool user_script_used;
    bool down_pre;
    bool up_delay;
    bool up_restart;
    bool daemon;

    int remap_sigusr1;

    /* inetd modes defined in socket.h */
    int inetd;

    bool log;
    bool suppress_timestamps;
    bool machine_readable_output;
    int nice;
    int verbosity;
    int mute;

#ifdef ENABLE_DEBUG
    int gremlin;
#endif

    const char *status_file;
    int status_file_version;
    int status_file_update_freq;

    /* optimize TUN/TAP/UDP writes */
    bool fast_io;

#ifdef USE_COMP
    struct compress_options comp;
#endif

    /* buffer sizes */
    int rcvbuf;
    int sndbuf;

    /* mark value */
    int mark;

    /* socket flags */
    unsigned int sockflags;

    /* route management */
    const char *route_script;
    const char *route_predown_script;
    const char *route_default_gateway;
    int route_default_metric;
    bool route_noexec;
    int route_delay;
    int route_delay_window;
    bool route_delay_defined;
    struct route_option_list *routes;
    struct route_ipv6_option_list *routes_ipv6; /* IPv6 */
    bool route_nopull;
    bool route_gateway_via_dhcp;
    bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
    struct client_nat_option_list *client_nat;

#ifdef ENABLE_OCC
    /* Enable options consistency check between peers */
    bool occ;
#endif

#ifdef ENABLE_MANAGEMENT
    const char *management_addr;
    const char *management_port;
    /* NOTE(review): presumably names the source of the management
     * interface password -- confirm. */
    const char *management_user_pass;
    int management_log_history_cache;
    int management_echo_buffer_size;
    int management_state_buffer_size;
    const char *management_write_peer_info_file;

    const char *management_client_user;
    const char *management_client_group;

    /* Mask of MF_ values of manage.h */
    unsigned int management_flags;
    const char *management_certificate;
#endif

#ifdef ENABLE_PLUGIN
    struct plugin_option_list *plugin_list;
#endif



#if P2MP

#if P2MP_SERVER
    /* the tmp dir is for now only used in the P2P server context */
    const char *tmp_dir;
    bool server_defined;
    in_addr_t server_network;
    in_addr_t server_netmask;
    bool server_ipv6_defined;                   /* IPv6 */
    struct in6_addr server_network_ipv6;        /* IPv6 */
    unsigned int server_netbits_ipv6;           /* IPv6 */

    /* bit values for server_flags */
#define SF_NOPOOL (1<<0)
#define SF_TCP_NODELAY_HELPER (1<<1)
#define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
    unsigned int server_flags;

    bool server_bridge_proxy_dhcp;

    bool server_bridge_defined;
    in_addr_t server_bridge_ip;
    in_addr_t server_bridge_netmask;
    in_addr_t server_bridge_pool_start;
    in_addr_t server_bridge_pool_end;

    struct push_list push_list;                 /* embedded by value, not a pointer */
    bool ifconfig_pool_defined;
    in_addr_t ifconfig_pool_start;
    in_addr_t ifconfig_pool_end;
    in_addr_t ifconfig_pool_netmask;
    const char *ifconfig_pool_persist_filename;
    int ifconfig_pool_persist_refresh_freq;

    bool ifconfig_ipv6_pool_defined;            /* IPv6 */
    struct in6_addr ifconfig_ipv6_pool_base;    /* IPv6 */
    int ifconfig_ipv6_pool_netbits;             /* IPv6 */

    int real_hash_size;
    int virtual_hash_size;
    const char *client_connect_script;
    const char *client_disconnect_script;
    const char *learn_address_script;
    const char *client_config_dir;
    bool ccd_exclusive;
    bool disable;
    int n_bcast_buf;
    int tcp_queue_limit;
    struct iroute *iroutes;
    struct iroute_ipv6 *iroutes_ipv6;           /* IPv6 */
    bool push_ifconfig_defined;
    in_addr_t push_ifconfig_local;
    in_addr_t push_ifconfig_remote_netmask;
    in_addr_t push_ifconfig_local_alias;
    bool push_ifconfig_constraint_defined;
    in_addr_t push_ifconfig_constraint_network;
    in_addr_t push_ifconfig_constraint_netmask;
    bool push_ifconfig_ipv6_defined;            /* IPv6 */
    struct in6_addr push_ifconfig_ipv6_local;   /* IPv6 */
    int push_ifconfig_ipv6_netbits;             /* IPv6 */
    struct in6_addr push_ifconfig_ipv6_remote;  /* IPv6 */
    bool push_ifconfig_ipv6_blocked;            /* IPv6 */
    bool enable_c2c;
    bool duplicate_cn;
    int cf_max;
    int cf_per;
    int max_clients;
    int max_routes_per_client;
    int stale_routes_check_interval;
    int stale_routes_ageing_time;

    const char *auth_user_pass_verify_script;
    bool auth_user_pass_verify_script_via_file;
    bool auth_token_generate;
    unsigned int auth_token_lifetime;
#if PORT_SHARE
    char *port_share_host;
    char *port_share_port;
    const char *port_share_journal_dir;
#endif
#endif /* if P2MP_SERVER */

    bool client;
    bool pull; /* client pull of config options from server */
    int push_continuation;
    unsigned int push_option_types_found;
    /* NOTE(review): presumably the path of a file holding the user name and
     * password -- confirm, and confirm how file permissions are checked. */
    const char *auth_user_pass_file;
    struct options_pre_pull *pre_pull;

    int scheduled_exit_interval;

#ifdef ENABLE_CLIENT_CR
    struct static_challenge_info sc_info;
#endif
#endif /* if P2MP */

#ifdef ENABLE_CRYPTO
    /* Cipher parms */
    const char *shared_secret_file;
    const char *shared_secret_file_inline;
    int key_direction;
    const char *ciphername;
    bool ncp_enabled;
    const char *ncp_ciphers;
    const char *authname;
    int keysize;
    const char *prng_hash;
    int prng_nonce_secret_len;
    const char *engine;
    bool replay;
    bool mute_replay_warnings;
    int replay_window;
    int replay_time;
    const char *packet_id_file;
    bool test_crypto;
#ifdef ENABLE_PREDICTION_RESISTANCE
    bool use_prediction_resistance;
#endif

    /* TLS (control channel) parms */
    bool tls_server;
    bool tls_client;
    const char *ca_file;
    const char *ca_path;
    const char *dh_file;
    const char *cert_file;
    const char *extra_certs_file;
    const char *priv_key_file;
    const char *pkcs12_file;
    const char *cipher_list;
    const char *tls_cert_profile;
    const char *ecdh_curve;
    const char *tls_verify;
    int verify_x509_type;
    const char *verify_x509_name;
    const char *tls_export_cert;
    const char *crl_file;

    /*
     * NOTE(review): going by the pkcs12_file_inline comment, the *_inline
     * members carry the material itself rather than a path.  If so, key
     * material (priv_key_file_inline, pkcs12_file_inline, and the
     * shared-secret / tls-auth / tls-crypt inline members) stays in process
     * memory for as long as these pointers are live -- confirm where it is
     * wiped.  priv_key_file_inline is the only non-const one, presumably so
     * that it can be modified in place.
     */
    const char *ca_file_inline;
    const char *cert_file_inline;
    const char *extra_certs_file_inline;
    const char *crl_file_inline;
    char *priv_key_file_inline;
    const char *dh_file_inline;
    const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */

    int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
    unsigned remote_cert_ku[MAX_PARMS];
    const char *remote_cert_eku;
    /* NOTE(review): no length is stored next to verify_hash; presumably it
     * is implied by verify_hash_algo -- confirm at the comparison site. */
    uint8_t *verify_hash;
    hash_algo_type verify_hash_algo;
    unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */

#ifdef ENABLE_PKCS11
    /* parallel arrays, each with MAX_PARMS slots */
    const char *pkcs11_providers[MAX_PARMS];
    unsigned pkcs11_private_mode[MAX_PARMS];
    bool pkcs11_protected_authentication[MAX_PARMS];
    bool pkcs11_cert_private[MAX_PARMS];
    int pkcs11_pin_cache_period;
    const char *pkcs11_id;
    bool pkcs11_id_management;
#endif

#ifdef ENABLE_CRYPTOAPI
    const char *cryptoapi_cert;
#endif

    /* data channel key exchange method */
    int key_method;

    /* Per-packet timeout on control channel */
    int tls_timeout;

    /* Data channel key renegotiation parameters */
    int renegotiate_bytes;
    int renegotiate_packets;
    int renegotiate_seconds;
    int renegotiate_seconds_min;

    /* Data channel key handshake must finalize
     * within n seconds of handshake initiation. */
    int handshake_window;

#ifdef ENABLE_X509ALTUSERNAME
    /* Field used to be the username in X509 cert. */
    char *x509_username_field;
#endif

    /* Old key allowed to live n seconds after new key goes active */
    int transition_window;

    /* Shared secret used for TLS control channel authentication */
    const char *tls_auth_file;
    const char *tls_auth_file_inline;

    /* Shared secret used for TLS control channel authenticated encryption */
    const char *tls_crypt_file;
    const char *tls_crypt_inline;

    /* Allow only one session */
    bool single_session;

#ifdef ENABLE_PUSH_PEER_INFO
    bool push_peer_info;
#endif

    bool tls_exit;

#endif /* ENABLE_CRYPTO */

    const struct x509_track *x509_track;

    /* special state parms */
    int foreign_option_index;

#ifdef _WIN32
    HANDLE msg_channel;
    const char *exit_event_name;
    bool exit_event_initial_state;
    bool show_net_up;
    int route_method;
    bool block_outside_dns;
#endif

    bool use_peer_id;
    uint32_t peer_id;

#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000
    /* Keying Material Exporters [RFC 5705] */
    const char *keying_material_exporter_label;
    int keying_material_exporter_length;
#endif

    struct pull_filter_list *pull_filter_list;

    /* Useful when packets sent by openvpn itself are not subject
     * to the routing tables that would move packets into the tunnel. */
    bool allow_recursive_routing;
};
614
/* Non-zero when the NUL-terminated strings x and y have identical contents. */
#define streq(x, y) (strcmp((x), (y)) == 0)
616
/*
 * Option classes.
 *
 * One bit per class, bits 0..28.
 * NOTE(review): the parsing functions declared in this header take a
 * permission_mask and report option_types_found; presumably both are built
 * from these bits and the mask limits which classes a given source of
 * options may set -- confirm in options.c.  If so, the mask passed for
 * options received from a peer is a security boundary.
 */
#define OPT_P_GENERAL         (1<<0)
#define OPT_P_UP              (1<<1)
#define OPT_P_ROUTE           (1<<2)
#define OPT_P_IPWIN32         (1<<3)
#define OPT_P_SCRIPT          (1<<4)
#define OPT_P_SETENV          (1<<5)
#define OPT_P_SHAPER          (1<<6)
#define OPT_P_TIMER           (1<<7)
#define OPT_P_PERSIST         (1<<8)
#define OPT_P_PERSIST_IP      (1<<9)
#define OPT_P_COMP            (1<<10) /* TODO */
#define OPT_P_MESSAGES        (1<<11)
#define OPT_P_NCP             (1<<12) /**< Negotiable crypto parameters */
#define OPT_P_TLS_PARMS       (1<<13) /* TODO */
#define OPT_P_MTU             (1<<14) /* TODO */
#define OPT_P_NICE            (1<<15)
#define OPT_P_PUSH            (1<<16)
#define OPT_P_INSTANCE        (1<<17)
#define OPT_P_CONFIG          (1<<18)
#define OPT_P_EXPLICIT_NOTIFY (1<<19)
#define OPT_P_ECHO            (1<<20)
#define OPT_P_INHERIT         (1<<21)
#define OPT_P_ROUTE_EXTRAS    (1<<22)
#define OPT_P_PULL_MODE       (1<<23)
#define OPT_P_PLUGIN          (1<<24)
#define OPT_P_SOCKBUF         (1<<25)
#define OPT_P_SOCKFLAGS       (1<<26)
#define OPT_P_CONNECTION      (1<<27)
#define OPT_P_PEER_ID         (1<<28)

/*
 * Every class except OPT_P_INSTANCE and OPT_P_PULL_MODE.  Because this is a
 * bitwise complement, bits 29 and up (not assigned to any class above) are
 * set as well, so a class added later is included without further change.
 */
#define OPT_P_DEFAULT   (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
6fbf66fa
JY
651
/*
 * Accessor macros for members of struct options that only exist in some
 * build configurations.  Each one has a fallback that expands to a
 * constant when the feature is compiled out, so callers need no #ifdef.
 */
#if P2MP
#define PULL_DEFINED(opt) ((opt)->pull)
#if P2MP_SERVER
/* NOTE(review): struct options declares push_list as an embedded struct,
 * not a pointer, so this expansion cannot be used as a truth value as
 * written.  Check whether the macro still has any users. */
#define PUSH_DEFINED(opt) ((opt)->push_list)
#endif
#endif

#ifndef PULL_DEFINED
#define PULL_DEFINED(opt) (false)
#endif

#ifndef PUSH_DEFINED
#define PUSH_DEFINED(opt) (false)
#endif

#ifdef _WIN32
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

#ifdef ENABLE_FEATURE_SHAPER
#define SHAPER_DEFINED(opt) ((opt)->shaper)
#else
#define SHAPER_DEFINED(opt) (false)
#endif

#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif

/* Guarded by MANAGEMENT_DEF_AUTH, but reads management_flags, which
 * struct options only declares under ENABLE_MANAGEMENT. */
#ifdef MANAGEMENT_DEF_AUTH
#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
#else
#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
#endif
690
/*
 * Declarations only; the definitions are not part of this header, so the
 * notes below describe the signatures and nothing more.
 */

/*
 * Takes an argc/argv pair and a struct options to fill.
 * NOTE(review): permission_mask and option_types_found presumably carry
 * OPT_P_* bits -- confirm in options.c.
 */
void parse_argv(struct options *options,
                const int argc,
                char *argv[],
                const int msglevel,
                const unsigned int permission_mask,
                unsigned int *option_types_found,
                struct env_set *es);

void notnull(const char *arg, const char *description);

void usage_small(void);

void show_library_versions(const unsigned int flags);

#ifdef _WIN32
void show_windows_version(const unsigned int flags);

#endif

/* init_options/uninit_options form a pair; init_gc presumably decides
 * whether o->gc is set up and owned by o (see gc_owned) -- confirm. */
void init_options(struct options *o, const bool init_gc);

void uninit_options(struct options *o);

/* Takes o as const: reads the options, writes into es. */
void setenv_settings(struct env_set *es, const struct options *o);

/* NOTE(review): struct options carries credential-file paths and inline key
 * material; confirm what this prints before enabling it in shared logs. */
void show_settings(const struct options *o);

bool string_defined_equal(const char *s1, const char *s2);
719
#ifdef ENABLE_OCC

/*
 * Options-string helpers, available only when ENABLE_OCC is defined
 * (struct options describes occ as the options consistency check between
 * peers).  Declarations only.
 */

const char *options_string_version(const char *s, struct gc_arena *gc);

/* Returns a non-const char *; the gc parameter suggests the result is
 * gc-allocated -- confirm. */
char *options_string(const struct options *o,
                     const struct frame *frame,
                     struct tuntap *tt,
                     bool remote,
                     struct gc_arena *gc);

/*
 * The *_safe variants take the size of actual explicitly (actual_n).
 * NOTE(review): presumably they are the ones to use on data that is not
 * guaranteed to be NUL-terminated, such as a string received from the
 * peer -- confirm.  actual is non-const in all four functions, so callers
 * should assume the buffer may be modified.
 */
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);

void options_warning_safe(char *actual, const char *expected, size_t actual_n);

/* Variants without a length argument. */
bool options_cmp_equal(char *actual, const char *expected);

void options_warning(char *actual, const char *expected);

#endif
739
/**
 * Given an OpenVPN options string, extract the value of an option.
 *
 * @param options_string    Zero-terminated, comma-separated options string
 * @param opt_name          The name of the option to extract
 * @param gc                The gc to allocate the return value
 *
 * @return gc-allocated value of option with name opt_name if option was found,
 *         or NULL otherwise.
 */
char *options_string_extract_option(const char *options_string,
                                    const char *opt_name, struct gc_arena *gc);


void options_postprocess(struct options *options);

/* pre_pull_save / pre_pull_restore / pre_pull_default operate on the
 * pre_pull member of struct options (see struct options_pre_pull). */
void pre_pull_save(struct options *o);

void pre_pull_restore(struct options *o, struct gc_arena *gc);

/*
 * Applies options held in buf to *options.
 * NOTE(review): presumably buf holds options pushed by the server.
 * permission_mask is the only parameter visible here that could restrict
 * what such input may change -- confirm that every caller passes a mask
 * narrower than the one used for local configuration.
 */
bool apply_push_options(struct options *options,
                        struct buffer *buf,
                        unsigned int permission_mask,
                        unsigned int *option_types_found,
                        struct env_set *es);

void options_detach(struct options *o);

/* Same mask/result parameters as apply_push_options, with a file name as
 * the source instead of a buffer. */
void options_server_import(struct options *o,
                           const char *filename,
                           int msglevel,
                           unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);

void pre_pull_default(struct options *o);

void rol_check_alloc(struct options *options);

/*
 * Splits one line into the caller-supplied array p, which has n slots.
 * file and line_num are presumably used for diagnostics only -- confirm.
 * NOTE(review): the meaning of the int return value is not visible here.
 */
int parse_line(const char *line,
               char *p[],
               const int n,
               const char *file,
               const int line_num,
               int msglevel,
               struct gc_arena *gc);
6fbf66fa 786
/*
 * parse/print topology coding
 *
 * The two functions convert between a string and the int stored in
 * options.topology (one of the TOP_x values from proto.h).
 */

int parse_topology(const char *str, const int msglevel);

const char *print_topology(const int topology);

/*
 * Manage auth-retry variable
 *
 * The accessors take no options pointer, so the variable is state kept
 * outside struct options.
 */

#if P2MP

#define AR_NONE       0
#define AR_INTERACT   1
#define AR_NOINTERACT 2

/* NOTE(review): presumably returns one of the AR_* values -- confirm. */
int auth_retry_get(void);

bool auth_retry_set(const int msglevel, const char *option);

const char *auth_retry_print(void);

#endif

/*
 * Same mask/result parameters as parse_argv, with the options supplied as
 * a single string (config).
 */
void options_string_import(struct options *options,
                           const char *config,
                           const int msglevel,
                           const unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);

/*
 * Takes a prefix string and writes through network and netbits.
 * NOTE(review): whether either output pointer may be NULL is not visible
 * in this header.
 */
bool get_ipv6_addr( const char *prefix_str, struct in6_addr *network,
                    unsigned int *netbits, int msglevel );
512cda46 822
4e9a51d7 823
81d882d5 824#endif /* ifndef OPTIONS_H */