]> git.ipfire.org Git - thirdparty/openvpn.git/blame_incremental - src/openvpn/options.h
projects / thirdparty / openvpn.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Fix new doxygen warnings about using @return in void functions
[thirdparty/openvpn.git] / src / openvpn / options.h
... / ...
CommitLineData
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24/*
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
27 */
28
29#ifndef OPTIONS_H
30#define OPTIONS_H
31
32#include "basic.h"
33#include "common.h"
34#include "mtu.h"
35#include "route.h"
36#include "tun.h"
37#include "socket.h"
38#include "plugin.h"
39#include "manage.h"
40#include "proxy.h"
41#include "comp.h"
42#include "pushlist.h"
43#include "clinat.h"
44#include "crypto_backend.h"
45#include "dns.h"
46
47
48/*
49 * Maximum number of parameters associated with an option,
50 * including the option name itself.
51 */
52#define MAX_PARMS 16
53
54/*
55 * Max size of options line and parameter.
56 */
57#define OPTION_PARM_SIZE 256
58#define OPTION_LINE_SIZE 256
59
60extern const char title_string[];
61
62/* certain options are saved before --pull modifications are applied */
63struct options_pre_connect
64{
65 bool tuntap_options_defined;
66 struct tuntap_options tuntap_options;
67
68 bool routes_defined;
69 struct route_option_list *routes;
70
71 bool routes_ipv6_defined;
72 struct route_ipv6_option_list *routes_ipv6;
73
74 const char *route_default_gateway;
75 const char *route_ipv6_default_gateway;
76
77 bool client_nat_defined;
78 struct client_nat_option_list *client_nat;
79
80 struct dns_options dns_options;
81
82 const char *ciphername;
83 const char *authname;
84
85 int ping_send_timeout;
86 int ping_rec_timeout;
87 int ping_rec_timeout_action;
88
89 int foreign_option_index;
90 struct compress_options comp;
91};
92
93#if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
94#error "At least one of OpenSSL or mbed TLS needs to be defined."
95#endif
96
97struct local_entry
98{
99 const char *local;
100 const char *port;
101 int proto;
102};
103
104struct connection_entry
105{
106 struct local_list *local_list;
107 int proto;
108 sa_family_t af;
109 const char *local_port;
110 bool local_port_defined;
111 const char *remote_port;
112 const char *remote;
113 bool remote_float;
114 bool bind_defined;
115 bool bind_ipv6_only;
116 bool bind_local;
117 int connect_retry_seconds;
118 int connect_retry_seconds_max;
119 int connect_timeout;
120 struct http_proxy_options *http_proxy_options;
121 const char *socks_proxy_server;
122 const char *socks_proxy_port;
123 const char *socks_proxy_authfile;
124
125 int tun_mtu; /* MTU of tun device */
126 int occ_mtu; /* if non-null, this is the MTU we announce to peers in OCC */
127 int tun_mtu_max; /* maximum MTU that can be pushed */
128
129 bool tun_mtu_defined; /* true if user overriding parm with command line option */
130 int tun_mtu_extra;
131 bool tun_mtu_extra_defined;
132 int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
133 bool link_mtu_defined; /* true if user overriding parm with command line option */
134 int tls_mtu; /* Maximum MTU for the control channel messages */
135
136 /* Advanced MTU negotiation and datagram fragmentation options */
137 int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
138
139 int fragment; /* internal fragmentation size */
140 bool fragment_encap; /* true if --fragment had the "mtu" parameter to
141 * include overhead from IP and TCP/UDP encapsulation */
142 int mssfix; /* Upper bound on TCP MSS */
143 bool mssfix_default; /* true if --mssfix should use the default parameters */
144 bool mssfix_encap; /* true if --mssfix had the "mtu" parameter to include
145 * overhead from IP and TCP/UDP encapsulation */
146 bool mssfix_fixed; /* use the mssfix value without any encapsulation adjustments */
147
148 int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
149
150#define CE_DISABLED (1<<0)
151#define CE_MAN_QUERY_PROXY (1<<1)
152#define CE_MAN_QUERY_REMOTE_UNDEF 0
153#define CE_MAN_QUERY_REMOTE_QUERY 1
154#define CE_MAN_QUERY_REMOTE_ACCEPT 2
155#define CE_MAN_QUERY_REMOTE_MOD 3
156#define CE_MAN_QUERY_REMOTE_SKIP 4
157#define CE_MAN_QUERY_REMOTE_MASK (0x07)
158#define CE_MAN_QUERY_REMOTE_SHIFT (2)
159 unsigned int flags;
160
161 /* Shared secret used for TLS control channel authentication */
162 const char *tls_auth_file;
163 bool tls_auth_file_inline;
164 int key_direction;
165
166 /* Shared secret used for TLS control channel authenticated encryption */
167 const char *tls_crypt_file;
168 bool tls_crypt_file_inline;
169
170 /* Client-specific secret or server key used for TLS control channel
171 * authenticated encryption v2 */
172 const char *tls_crypt_v2_file;
173 bool tls_crypt_v2_file_inline;
174
175 /* Allow only client that support resending the wrapped client key */
176 bool tls_crypt_v2_force_cookie;
177};
178
179struct remote_entry
180{
181 const char *remote;
182 const char *remote_port;
183 int proto;
184 sa_family_t af;
185};
186
187#define CONNECTION_LIST_SIZE 64
188
189struct local_list
190{
191 int capacity;
192 int len;
193 struct local_entry **array;
194};
195
196struct connection_list
197{
198 int capacity;
199 int len;
200 int current;
201 struct connection_entry **array;
202};
203
204struct remote_list
205{
206 int capacity;
207 int len;
208 struct remote_entry **array;
209};
210
211struct provider_list
212{
213 /* Names of the providers */
214 const char *names[MAX_PARMS];
215 /* Pointers to the loaded providers to unload them */
216 provider_t *providers[MAX_PARMS];
217};
218
219enum vlan_acceptable_frames
220{
221 VLAN_ONLY_TAGGED,
222 VLAN_ONLY_UNTAGGED_OR_PRIORITY,
223 VLAN_ALL,
224};
225
226struct remote_host_store
227{
228#define RH_HOST_LEN 80
229 char host[RH_HOST_LEN];
230#define RH_PORT_LEN 20
231 char port[RH_PORT_LEN];
232};
233
234enum genkey_type {
235 GENKEY_SECRET,
236 GENKEY_TLS_CRYPTV2_CLIENT,
237 GENKEY_TLS_CRYPTV2_SERVER,
238 GENKEY_AUTH_TOKEN
239};
240
241struct verify_hash_list
242{
243 /* We support SHA256 and SHA1 fingerpint. In the case of using the
244 * deprecated SHA1, only the first 20 bytes of each list item are used */
245 uint8_t hash[SHA256_DIGEST_LENGTH];
246 struct verify_hash_list *next;
247};
248
249/* Command line options */
250struct options
251{
252 struct gc_arena gc;
253 bool gc_owned;
254
255 /* first config file */
256 const char *config;
257
258 /* major mode */
259#define MODE_POINT_TO_POINT 0
260#define MODE_SERVER 1
261 int mode;
262
263 /* enable forward compatibility for post-2.1 features */
264 bool forward_compatible;
265 /** What version we should try to be compatible with as major * 10000 +
266 * minor * 100 + patch, e.g. 2.4.7 => 20407 */
267 unsigned int backwards_compatible;
268
269 /* list of options that should be ignored even if unknown */
270 const char **ignore_unknown_option;
271
272 /* persist parms */
273 bool persist_config;
274 int persist_mode;
275
276 const char *key_pass_file;
277 bool show_ciphers;
278 bool show_digests;
279 bool show_engines;
280 bool show_tls_ciphers;
281 bool show_curves;
282 bool genkey;
283 enum genkey_type genkey_type;
284 const char *genkey_filename;
285 const char *genkey_extra_data;
286
287 /* Networking parms */
288 int connect_retry_max;
289 struct connection_entry ce;
290 struct connection_list *connection_list;
291
292 struct remote_list *remote_list;
293 /* Do not advance the connection or remote addr list */
294 bool no_advance;
295 /* Advance directly to the next remote, skipping remaining addresses of the
296 * current remote */
297 bool advance_next_remote;
298 /* Counts the number of unsuccessful connection attempts */
299 unsigned int unsuccessful_attempts;
300 /* count of connection entries to advance by when no_advance is not set */
301 int ce_advance_count;
302 /* the server can suggest a backoff time to the client, it
303 * will still be capped by the max timeout between connections
304 * (300s by default) */
305 int server_backoff_time;
306
307#if ENABLE_MANAGEMENT
308 struct http_proxy_options *http_proxy_override;
309#endif
310
311 struct remote_host_store *rh_store;
312
313 struct dns_options dns_options;
314
315 bool remote_random;
316 const char *ipchange;
317 const char *dev;
318 const char *dev_type;
319 const char *dev_node;
320 const char *lladdr;
321 int topology; /* one of the TOP_x values from proto.h */
322 const char *ifconfig_local;
323 const char *ifconfig_remote_netmask;
324 const char *ifconfig_ipv6_local;
325 int ifconfig_ipv6_netbits;
326 const char *ifconfig_ipv6_remote;
327 bool ifconfig_noexec;
328 bool ifconfig_nowarn;
329 int shaper;
330
331 int proto_force;
332
333 bool mtu_test;
334
335#ifdef ENABLE_MEMSTATS
336 char *memstats_fn;
337#endif
338
339 bool mlock;
340
341 int keepalive_ping; /* a proxy for ping/ping-restart */
342 int keepalive_timeout;
343
344 int inactivity_timeout; /* --inactive */
345 int64_t inactivity_minimum_bytes;
346
347 int session_timeout; /* Force-kill session after n seconds */
348
349 int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
350 int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
351 bool ping_timer_remote; /* Run ping timer only if we have a remote address */
352
353#define PING_UNDEF 0
354#define PING_EXIT 1
355#define PING_RESTART 2
356 int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
357
358 bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
359 bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
360 bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
361
362#if PASSTOS_CAPABILITY
363 bool passtos;
364#endif
365
366 int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
367 bool resolve_in_advance;
368 const char *ip_remote_hint;
369
370 struct tuntap_options tuntap_options;
371 /* DCO is disabled and should not be used as backend driver for the
372 * tun/tap device */
373 bool disable_dco;
374
375 /* Misc parms */
376 const char *username;
377 const char *groupname;
378 const char *chroot_dir;
379 const char *cd_dir;
380#ifdef ENABLE_SELINUX
381 char *selinux_context;
382#endif
383 const char *writepid;
384 const char *up_script;
385 const char *down_script;
386 bool user_script_used;
387 bool down_pre;
388 bool up_delay;
389 bool up_restart;
390 bool daemon;
391
392 int remap_sigusr1;
393
394 bool log;
395 bool suppress_timestamps;
396 bool machine_readable_output;
397 int nice;
398 int verbosity;
399 int mute;
400
401#ifdef ENABLE_DEBUG
402 int gremlin;
403#endif
404
405 const char *status_file;
406 int status_file_version;
407 int status_file_update_freq;
408
409 /* optimize TUN/TAP/UDP writes */
410 bool fast_io;
411
412 struct compress_options comp;
413
414 /* buffer sizes */
415 int rcvbuf;
416 int sndbuf;
417
418 /* mark value */
419 int mark;
420 char *bind_dev;
421
422 /* socket flags */
423 unsigned int sockflags;
424
425 /* route management */
426 const char *route_script;
427 const char *route_predown_script;
428 const char *route_default_gateway;
429 const char *route_ipv6_default_gateway;
430 int route_default_table_id;
431 int route_default_metric;
432 bool route_noexec;
433 int route_delay;
434 int route_delay_window;
435 bool route_delay_defined;
436 struct route_option_list *routes;
437 struct route_ipv6_option_list *routes_ipv6; /* IPv6 */
438 bool block_ipv6;
439 bool route_nopull;
440 bool route_gateway_via_dhcp;
441 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
442 struct client_nat_option_list *client_nat;
443
444 /* Enable options consistency check between peers */
445 bool occ;
446
447#ifdef ENABLE_MANAGEMENT
448 const char *management_addr;
449 const char *management_port;
450 const char *management_user_pass;
451 int management_log_history_cache;
452 int management_echo_buffer_size;
453 int management_state_buffer_size;
454
455 const char *management_client_user;
456 const char *management_client_group;
457
458 const char *management_certificate;
459#endif
460 /* Mask of MF_ values of manage.h */
461 unsigned int management_flags;
462
463#ifdef ENABLE_PLUGIN
464 struct plugin_option_list *plugin_list;
465#endif
466
467 /* the tmp dir is for now only used in the P2P server context */
468 const char *tmp_dir;
469 bool server_defined;
470 in_addr_t server_network;
471 in_addr_t server_netmask;
472 bool server_ipv6_defined; /* IPv6 */
473 struct in6_addr server_network_ipv6; /* IPv6 */
474 unsigned int server_netbits_ipv6; /* IPv6 */
475
476#define SF_NOPOOL (1<<0)
477#define SF_TCP_NODELAY_HELPER (1<<1)
478#define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
479 unsigned int server_flags;
480
481 bool server_bridge_proxy_dhcp;
482
483 bool server_bridge_defined;
484 in_addr_t server_bridge_ip;
485 in_addr_t server_bridge_netmask;
486 in_addr_t server_bridge_pool_start;
487 in_addr_t server_bridge_pool_end;
488
489 struct push_list push_list;
490 bool ifconfig_pool_defined;
491 in_addr_t ifconfig_pool_start;
492 in_addr_t ifconfig_pool_end;
493 in_addr_t ifconfig_pool_netmask;
494 const char *ifconfig_pool_persist_filename;
495 int ifconfig_pool_persist_refresh_freq;
496
497 bool ifconfig_ipv6_pool_defined; /* IPv6 */
498 struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
499 int ifconfig_ipv6_pool_netbits; /* IPv6 */
500
501 int real_hash_size;
502 int virtual_hash_size;
503 const char *client_connect_script;
504 const char *client_disconnect_script;
505 const char *learn_address_script;
506 const char *client_crresponse_script;
507 const char *client_config_dir;
508 bool ccd_exclusive;
509 bool disable;
510 const char *override_username;
511 int n_bcast_buf;
512 int tcp_queue_limit;
513 struct iroute *iroutes;
514 struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
515 bool push_ifconfig_defined;
516 in_addr_t push_ifconfig_local;
517 in_addr_t push_ifconfig_remote_netmask;
518 in_addr_t push_ifconfig_local_alias;
519 bool push_ifconfig_constraint_defined;
520 in_addr_t push_ifconfig_constraint_network;
521 in_addr_t push_ifconfig_constraint_netmask;
522 bool push_ifconfig_ipv4_blocked; /* IPv4 */
523 bool push_ifconfig_ipv6_defined; /* IPv6 */
524 struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
525 int push_ifconfig_ipv6_netbits; /* IPv6 */
526 struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
527 bool push_ifconfig_ipv6_blocked; /* IPv6 */
528 bool enable_c2c;
529 bool duplicate_cn;
530
531 int cf_max;
532 int cf_per;
533
534 int cf_initial_max;
535 int cf_initial_per;
536
537 int max_clients;
538 int max_routes_per_client;
539 int stale_routes_check_interval;
540 int stale_routes_ageing_time;
541
542 const char *auth_user_pass_verify_script;
543 bool auth_user_pass_verify_script_via_file;
544 bool auth_token_generate;
545 bool auth_token_call_auth;
546 int auth_token_lifetime;
547 int auth_token_renewal;
548 const char *auth_token_secret_file;
549 bool auth_token_secret_file_inline;
550
551#if PORT_SHARE
552 char *port_share_host;
553 char *port_share_port;
554 const char *port_share_journal_dir;
555#endif
556
557 bool client;
558 bool pull; /* client pull of config options from server */
559 int push_continuation;
560 unsigned int push_option_types_found;
561 const char *auth_user_pass_file;
562 bool auth_user_pass_file_inline;
563 struct options_pre_connect *pre_connect;
564
565 int scheduled_exit_interval;
566
567#ifdef ENABLE_MANAGEMENT
568 struct static_challenge_info sc_info;
569#endif
570 /* Cipher parms */
571 const char *shared_secret_file;
572 bool shared_secret_file_inline;
573 bool allow_deprecated_insecure_static_crypto;
574 int key_direction;
575 const char *ciphername;
576 bool enable_ncp_fallback; /**< If defined fall back to
577 * ciphername if NCP fails */
578 /** The original ncp_ciphers specified by the user in the configuration*/
579 const char *ncp_ciphers_conf;
580 const char *ncp_ciphers;
581 const char *authname;
582 const char *engine;
583 struct provider_list providers;
584 bool mute_replay_warnings;
585 int replay_window;
586 int replay_time;
587 const char *packet_id_file;
588 bool test_crypto;
589#ifdef ENABLE_PREDICTION_RESISTANCE
590 bool use_prediction_resistance;
591#endif
592
593 /* TLS (control channel) parms */
594 bool tls_server;
595 bool tls_client;
596 const char *ca_file;
597 bool ca_file_inline;
598 const char *ca_path;
599 const char *dh_file;
600 bool dh_file_inline;
601 const char *cert_file;
602 bool cert_file_inline;
603 const char *extra_certs_file;
604 bool extra_certs_file_inline;
605 const char *priv_key_file;
606 bool priv_key_file_inline;
607 const char *pkcs12_file;
608 bool pkcs12_file_inline;
609 const char *cipher_list;
610 const char *cipher_list_tls13;
611 const char *tls_groups;
612 const char *tls_cert_profile;
613 const char *ecdh_curve;
614 const char *tls_verify;
615 const char *tls_export_peer_cert_dir;
616 int verify_x509_type;
617 const char *verify_x509_name;
618 const char *crl_file;
619 bool crl_file_inline;
620
621 int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
622 unsigned remote_cert_ku[MAX_PARMS];
623 const char *remote_cert_eku;
624 struct verify_hash_list *verify_hash;
625 hash_algo_type verify_hash_algo;
626 int verify_hash_depth;
627 bool verify_hash_no_ca;
628 unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
629
630#ifdef ENABLE_PKCS11
631 const char *pkcs11_providers[MAX_PARMS];
632 unsigned pkcs11_private_mode[MAX_PARMS];
633 bool pkcs11_protected_authentication[MAX_PARMS];
634 bool pkcs11_cert_private[MAX_PARMS];
635 int pkcs11_pin_cache_period;
636 const char *pkcs11_id;
637 bool pkcs11_id_management;
638#endif
639
640#ifdef ENABLE_CRYPTOAPI
641 const char *cryptoapi_cert;
642#endif
643 /* Per-packet timeout on control channel */
644 int tls_timeout;
645
646 /* Data channel key renegotiation parameters */
647 int64_t renegotiate_bytes;
648 int64_t renegotiate_packets;
649 int renegotiate_seconds;
650 int renegotiate_seconds_min;
651
652 /* Data channel key handshake must finalize
653 * within n seconds of handshake initiation. */
654 int handshake_window;
655
656#ifdef ENABLE_X509ALTUSERNAME
657 /* Field list used to be the username in X509 cert. */
658 char *x509_username_field[MAX_PARMS];
659#endif
660
661 /* Old key allowed to live n seconds after new key goes active */
662 int transition_window;
663
664 /* Shared secret used for TLS control channel authentication */
665 const char *tls_auth_file;
666 bool tls_auth_file_inline;
667
668 /* Shared secret used for TLS control channel authenticated encryption */
669 const char *tls_crypt_file;
670 bool tls_crypt_file_inline;
671
672 /* Client-specific secret or server key used for TLS control channel
673 * authenticated encryption v2 */
674 const char *tls_crypt_v2_file;
675 bool tls_crypt_v2_file_inline;
676
677 const char *tls_crypt_v2_metadata;
678
679 const char *tls_crypt_v2_verify_script;
680
681 /* Allow only one session */
682 bool single_session;
683
684 bool push_peer_info;
685
686 bool tls_exit;
687
688 const struct x509_track *x509_track;
689
690 /* special state parms */
691 int foreign_option_index;
692
693#ifdef _WIN32
694 HANDLE msg_channel;
695 const char *exit_event_name;
696 bool exit_event_initial_state;
697 bool show_net_up;
698 int route_method;
699 bool block_outside_dns;
700 enum tun_driver_type windows_driver;
701#endif
702
703 bool use_peer_id;
704 uint32_t peer_id;
705
706 /* Keying Material Exporters [RFC 5705] */
707 const char *keying_material_exporter_label;
708 int keying_material_exporter_length;
709 /* force using TLS key material export for data channel key generation */
710 bool force_key_material_export;
711
712 bool vlan_tagging;
713 enum vlan_acceptable_frames vlan_accept;
714 uint16_t vlan_pvid;
715
716 struct pull_filter_list *pull_filter_list;
717
718 /* Useful when packets sent by openvpn itself are not subject
719 * to the routing tables that would move packets into the tunnel. */
720 bool allow_recursive_routing;
721
722 /* data channel crypto flags set by push/pull. Reuses the CO_* crypto_flags */
723 unsigned int imported_protocol_flags;
724};
725
726#define streq(x, y) (!strcmp((x), (y)))
727
728/*
729 * Option classes.
730 */
731#define OPT_P_GENERAL (1<<0)
732#define OPT_P_UP (1<<1)
733#define OPT_P_ROUTE (1<<2)
734#define OPT_P_DHCPDNS (1<<3) /* includes ip windows options like */
735#define OPT_P_SCRIPT (1<<4)
736#define OPT_P_SETENV (1<<5)
737#define OPT_P_SHAPER (1<<6)
738#define OPT_P_TIMER (1<<7)
739#define OPT_P_PERSIST (1<<8)
740#define OPT_P_PERSIST_IP (1<<9)
741#define OPT_P_COMP (1<<10) /* TODO */
742#define OPT_P_MESSAGES (1<<11)
743#define OPT_P_NCP (1<<12) /**< Negotiable crypto parameters */
744#define OPT_P_TLS_PARMS (1<<13) /* TODO */
745#define OPT_P_MTU (1<<14) /* TODO */
746#define OPT_P_NICE (1<<15)
747#define OPT_P_PUSH (1<<16)
748#define OPT_P_INSTANCE (1<<17) /**< allowed in ccd, client-connect etc*/
749#define OPT_P_CONFIG (1<<18)
750#define OPT_P_EXPLICIT_NOTIFY (1<<19)
751#define OPT_P_ECHO (1<<20)
752#define OPT_P_INHERIT (1<<21)
753#define OPT_P_ROUTE_EXTRAS (1<<22)
754#define OPT_P_PULL_MODE (1<<23)
755#define OPT_P_PLUGIN (1<<24)
756#define OPT_P_SOCKBUF (1<<25)
757#define OPT_P_SOCKFLAGS (1<<26)
758#define OPT_P_CONNECTION (1<<27)
759#define OPT_P_PEER_ID (1<<28)
760#define OPT_P_INLINE (1<<29)
761#define OPT_P_PUSH_MTU (1<<30)
762#define OPT_P_ROUTE_TABLE (1<<31)
763
764#define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
765
766#define PULL_DEFINED(opt) ((opt)->pull)
767#define PUSH_DEFINED(opt) ((opt)->push_list)
768
769#ifndef PULL_DEFINED
770#define PULL_DEFINED(opt) (false)
771#endif
772
773#ifndef PUSH_DEFINED
774#define PUSH_DEFINED(opt) (false)
775#endif
776
777#ifdef _WIN32
778#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
779#else
780#define ROUTE_OPTION_FLAGS(o) (0)
781#endif
782
783#define SHAPER_DEFINED(opt) ((opt)->shaper)
784
785#ifdef ENABLE_PLUGIN
786#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
787#else
788#define PLUGIN_OPTION_LIST(opt) (NULL)
789#endif
790
791#ifdef ENABLE_MANAGEMENT
792#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
793#else
794#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
795#endif
796
797void parse_argv(struct options *options,
798 const int argc,
799 char *argv[],
800 const int msglevel,
801 const unsigned int permission_mask,
802 unsigned int *option_types_found,
803 struct env_set *es);
804
805void notnull(const char *arg, const char *description);
806
807void usage_small(void);
808
809void show_library_versions(const unsigned int flags);
810
811#ifdef _WIN32
812void show_windows_version(const unsigned int flags);
813
814#endif
815
816void show_dco_version(const unsigned int flags);
817
818void init_options(struct options *o, const bool init_gc);
819
820void uninit_options(struct options *o);
821
822void setenv_settings(struct env_set *es, const struct options *o);
823
824void show_settings(const struct options *o);
825
826bool string_defined_equal(const char *s1, const char *s2);
827
828const char *options_string_version(const char *s, struct gc_arena *gc);
829
830char *options_string(const struct options *o,
831 const struct frame *frame,
832 struct tuntap *tt,
833 openvpn_net_ctx_t *ctx,
834 bool remote,
835 struct gc_arena *gc);
836
837bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
838
839void options_warning_safe(char *actual, const char *expected, size_t actual_n);
840
841bool options_cmp_equal(char *actual, const char *expected);
842
843void options_warning(char *actual, const char *expected);
844
845/**
846 * Given an OpenVPN options string, extract the value of an option.
847 *
848 * @param options_string Zero-terminated, comma-separated options string
849 * @param opt_name The name of the option to extract
850 * @param gc The gc to allocate the return value
851 *
852 * @return gc-allocated value of option with name opt_name if option was found,
853 * or NULL otherwise.
854 */
855char *options_string_extract_option(const char *options_string,
856 const char *opt_name, struct gc_arena *gc);
857
858
859void options_postprocess(struct options *options, struct env_set *es);
860
861bool options_postprocess_pull(struct options *o, struct env_set *es);
862
863void pre_connect_restore(struct options *o, struct gc_arena *gc);
864
865bool apply_push_options(struct options *options,
866 struct buffer *buf,
867 unsigned int permission_mask,
868 unsigned int *option_types_found,
869 struct env_set *es);
870
871void options_detach(struct options *o);
872
873void options_server_import(struct options *o,
874 const char *filename,
875 int msglevel,
876 unsigned int permission_mask,
877 unsigned int *option_types_found,
878 struct env_set *es);
879
880void pre_pull_default(struct options *o);
881
882void rol_check_alloc(struct options *options);
883
884int parse_line(const char *line,
885 char *p[],
886 const int n,
887 const char *file,
888 const int line_num,
889 int msglevel,
890 struct gc_arena *gc);
891
892/*
893 * parse/print topology coding
894 */
895
896int parse_topology(const char *str, const int msglevel);
897
898const char *print_topology(const int topology);
899
900/*
901 * Manage auth-retry variable
902 */
903
904#define AR_NONE 0
905#define AR_INTERACT 1
906#define AR_NOINTERACT 2
907
908int auth_retry_get(void);
909
910bool auth_retry_set(const int msglevel, const char *option);
911
912const char *auth_retry_print(void);
913
914void options_string_import(struct options *options,
915 const char *config,
916 const int msglevel,
917 const unsigned int permission_mask,
918 unsigned int *option_types_found,
919 struct env_set *es);
920
921bool key_is_external(const struct options *options);
922
923bool has_udp_in_local_list(const struct options *options);
924
925/**
926 * Returns whether the current configuration has dco enabled.
927 */
928static inline bool
929dco_enabled(const struct options *o)
930{
931#ifdef ENABLE_DCO
932 return !o->disable_dco;
933#else
934 return false;
935#endif /* ENABLE_DCO */
936}
937
938#endif /* ifndef OPTIONS_H */
Mirror of https://github.com/OpenVPN/openvpn.git