]> git.ipfire.org Git - thirdparty/openvpn.git/blob - src/openvpn/options.h
projects / thirdparty / openvpn.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Implement --genkey type keyfile syntax and migrate tls-crypt-v2
[thirdparty/openvpn.git] / src / openvpn / options.h
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24 /*
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
27 */
28
29 #ifndef OPTIONS_H
30 #define OPTIONS_H
31
32 #include "basic.h"
33 #include "common.h"
34 #include "mtu.h"
35 #include "route.h"
36 #include "tun.h"
37 #include "socket.h"
38 #include "plugin.h"
39 #include "manage.h"
40 #include "proxy.h"
41 #include "comp.h"
42 #include "pushlist.h"
43 #include "clinat.h"
44 #include "crypto_backend.h"
45
46
47 /*
48 * Maximum number of parameters associated with an option,
49 * including the option name itself.
50 */
51 #define MAX_PARMS 16
52
53 /*
54 * Max size of options line and parameter.
55 */
56 #define OPTION_PARM_SIZE 256
57 #define OPTION_LINE_SIZE 256
58
59 extern const char title_string[];
60
61 #if P2MP
62
63 /* certain options are saved before --pull modifications are applied */
64 struct options_pre_pull
65 {
66 bool tuntap_options_defined;
67 struct tuntap_options tuntap_options;
68
69 bool routes_defined;
70 struct route_option_list *routes;
71
72 bool routes_ipv6_defined;
73 struct route_ipv6_option_list *routes_ipv6;
74
75 bool client_nat_defined;
76 struct client_nat_option_list *client_nat;
77
78 int foreign_option_index;
79 };
80
81 #endif
82 #if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
83 #error "At least one of OpenSSL or mbed TLS needs to be defined."
84 #endif
85
86 struct connection_entry
87 {
88 int proto;
89 sa_family_t af;
90 const char *local_port;
91 bool local_port_defined;
92 const char *remote_port;
93 const char *local;
94 const char *remote;
95 bool remote_float;
96 bool bind_defined;
97 bool bind_ipv6_only;
98 bool bind_local;
99 int connect_retry_seconds;
100 int connect_retry_seconds_max;
101 int connect_timeout;
102 struct http_proxy_options *http_proxy_options;
103 const char *socks_proxy_server;
104 const char *socks_proxy_port;
105 const char *socks_proxy_authfile;
106
107 int tun_mtu; /* MTU of tun device */
108 bool tun_mtu_defined; /* true if user overriding parm with command line option */
109 int tun_mtu_extra;
110 bool tun_mtu_extra_defined;
111 int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
112 bool link_mtu_defined; /* true if user overriding parm with command line option */
113
114 /* Advanced MTU negotiation and datagram fragmentation options */
115 int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
116
117 int fragment; /* internal fragmentation size */
118 int mssfix; /* Upper bound on TCP MSS */
119 bool mssfix_default; /* true if --mssfix was supplied without a parameter */
120
121 int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
122
123 #define CE_DISABLED (1<<0)
124 #define CE_MAN_QUERY_PROXY (1<<1)
125 #define CE_MAN_QUERY_REMOTE_UNDEF 0
126 #define CE_MAN_QUERY_REMOTE_QUERY 1
127 #define CE_MAN_QUERY_REMOTE_ACCEPT 2
128 #define CE_MAN_QUERY_REMOTE_MOD 3
129 #define CE_MAN_QUERY_REMOTE_SKIP 4
130 #define CE_MAN_QUERY_REMOTE_MASK (0x07)
131 #define CE_MAN_QUERY_REMOTE_SHIFT (2)
132 unsigned int flags;
133
134 /* Shared secret used for TLS control channel authentication */
135 const char *tls_auth_file;
136 const char *tls_auth_file_inline;
137 int key_direction;
138
139 /* Shared secret used for TLS control channel authenticated encryption */
140 const char *tls_crypt_file;
141 const char *tls_crypt_inline;
142
143 /* Client-specific secret or server key used for TLS control channel
144 * authenticated encryption v2 */
145 const char *tls_crypt_v2_file;
146 const char *tls_crypt_v2_inline;
147 };
148
149 struct remote_entry
150 {
151 const char *remote;
152 const char *remote_port;
153 int proto;
154 sa_family_t af;
155 };
156
157 #define CONNECTION_LIST_SIZE 64
158
159 struct connection_list
160 {
161 int len;
162 int current;
163 struct connection_entry *array[CONNECTION_LIST_SIZE];
164 };
165
166 struct remote_list
167 {
168 int len;
169 struct remote_entry *array[CONNECTION_LIST_SIZE];
170 };
171
172 struct remote_host_store
173 {
174 #define RH_HOST_LEN 80
175 char host[RH_HOST_LEN];
176 #define RH_PORT_LEN 20
177 char port[RH_PORT_LEN];
178 };
179
180 enum genkey_type {
181 GENKEY_SECRET,
182 GENKEY_TLS_CRYPTV2_CLIENT,
183 GENKEY_TLS_CRYPTV2_SERVER,
184 };
185
186 /* Command line options */
187 struct options
188 {
189 struct gc_arena gc;
190 bool gc_owned;
191
192 /* first config file */
193 const char *config;
194
195 /* major mode */
196 #define MODE_POINT_TO_POINT 0
197 #define MODE_SERVER 1
198 int mode;
199
200 /* enable forward compatibility for post-2.1 features */
201 bool forward_compatible;
202 /* list of options that should be ignored even if unknown */
203 const char **ignore_unknown_option;
204
205 /* persist parms */
206 bool persist_config;
207 int persist_mode;
208
209 const char *key_pass_file;
210 bool show_ciphers;
211 bool show_digests;
212 bool show_engines;
213 bool show_tls_ciphers;
214 bool show_curves;
215 bool genkey;
216 enum genkey_type genkey_type;
217 const char* genkey_filename;
218 const char* genkey_extra_data;
219
220 /* Networking parms */
221 int connect_retry_max;
222 struct connection_entry ce;
223 struct connection_list *connection_list;
224
225 struct remote_list *remote_list;
226 /* Do not advanced the connection or remote addr list*/
227 bool no_advance;
228 /* Counts the number of unsuccessful connection attempts */
229 unsigned int unsuccessful_attempts;
230
231 #if ENABLE_MANAGEMENT
232 struct http_proxy_options *http_proxy_override;
233 #endif
234
235 struct remote_host_store *rh_store;
236
237 bool remote_random;
238 const char *ipchange;
239 const char *dev;
240 const char *dev_type;
241 const char *dev_node;
242 const char *lladdr;
243 int topology; /* one of the TOP_x values from proto.h */
244 const char *ifconfig_local;
245 const char *ifconfig_remote_netmask;
246 const char *ifconfig_ipv6_local;
247 int ifconfig_ipv6_netbits;
248 const char *ifconfig_ipv6_remote;
249 bool ifconfig_noexec;
250 bool ifconfig_nowarn;
251 #ifdef ENABLE_FEATURE_SHAPER
252 int shaper;
253 #endif
254
255 int proto_force;
256
257 #ifdef ENABLE_OCC
258 bool mtu_test;
259 #endif
260
261 #ifdef ENABLE_MEMSTATS
262 char *memstats_fn;
263 #endif
264
265 bool mlock;
266
267 int keepalive_ping; /* a proxy for ping/ping-restart */
268 int keepalive_timeout;
269
270 int inactivity_timeout; /* --inactive */
271 int inactivity_minimum_bytes;
272
273 int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
274 int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
275 bool ping_timer_remote; /* Run ping timer only if we have a remote address */
276
277 #define PING_UNDEF 0
278 #define PING_EXIT 1
279 #define PING_RESTART 2
280 int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
281
282 bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
283 bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
284 bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
285 bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
286
287 #if PASSTOS_CAPABILITY
288 bool passtos;
289 #endif
290
291 int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
292 bool resolve_in_advance;
293 const char *ip_remote_hint;
294
295 struct tuntap_options tuntap_options;
296
297 /* Misc parms */
298 const char *username;
299 const char *groupname;
300 const char *chroot_dir;
301 const char *cd_dir;
302 #ifdef ENABLE_SELINUX
303 char *selinux_context;
304 #endif
305 const char *writepid;
306 const char *up_script;
307 const char *down_script;
308 bool user_script_used;
309 bool down_pre;
310 bool up_delay;
311 bool up_restart;
312 bool daemon;
313
314 int remap_sigusr1;
315
316 /* inetd modes defined in socket.h */
317 int inetd;
318
319 bool log;
320 bool suppress_timestamps;
321 bool machine_readable_output;
322 int nice;
323 int verbosity;
324 int mute;
325
326 #ifdef ENABLE_DEBUG
327 int gremlin;
328 #endif
329
330 const char *status_file;
331 int status_file_version;
332 int status_file_update_freq;
333
334 /* optimize TUN/TAP/UDP writes */
335 bool fast_io;
336
337 #ifdef USE_COMP
338 struct compress_options comp;
339 #endif
340
341 /* buffer sizes */
342 int rcvbuf;
343 int sndbuf;
344
345 /* mark value */
346 int mark;
347
348 /* socket flags */
349 unsigned int sockflags;
350
351 /* route management */
352 const char *route_script;
353 const char *route_predown_script;
354 const char *route_default_gateway;
355 const char *route_ipv6_default_gateway;
356 int route_default_metric;
357 bool route_noexec;
358 int route_delay;
359 int route_delay_window;
360 bool route_delay_defined;
361 struct route_option_list *routes;
362 struct route_ipv6_option_list *routes_ipv6; /* IPv6 */
363 bool block_ipv6;
364 bool route_nopull;
365 bool route_gateway_via_dhcp;
366 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
367 struct client_nat_option_list *client_nat;
368
369 #ifdef ENABLE_OCC
370 /* Enable options consistency check between peers */
371 bool occ;
372 #endif
373
374 #ifdef ENABLE_MANAGEMENT
375 const char *management_addr;
376 const char *management_port;
377 const char *management_user_pass;
378 int management_log_history_cache;
379 int management_echo_buffer_size;
380 int management_state_buffer_size;
381 const char *management_write_peer_info_file;
382
383 const char *management_client_user;
384 const char *management_client_group;
385
386 /* Mask of MF_ values of manage.h */
387 unsigned int management_flags;
388 const char *management_certificate;
389 #endif
390
391 #ifdef ENABLE_PLUGIN
392 struct plugin_option_list *plugin_list;
393 #endif
394
395
396
397 #if P2MP
398
399 #if P2MP_SERVER
400 /* the tmp dir is for now only used in the P2P server context */
401 const char *tmp_dir;
402 bool server_defined;
403 in_addr_t server_network;
404 in_addr_t server_netmask;
405 bool server_ipv6_defined; /* IPv6 */
406 struct in6_addr server_network_ipv6; /* IPv6 */
407 unsigned int server_netbits_ipv6; /* IPv6 */
408
409 #define SF_NOPOOL (1<<0)
410 #define SF_TCP_NODELAY_HELPER (1<<1)
411 #define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
412 unsigned int server_flags;
413
414 bool server_bridge_proxy_dhcp;
415
416 bool server_bridge_defined;
417 in_addr_t server_bridge_ip;
418 in_addr_t server_bridge_netmask;
419 in_addr_t server_bridge_pool_start;
420 in_addr_t server_bridge_pool_end;
421
422 struct push_list push_list;
423 bool ifconfig_pool_defined;
424 in_addr_t ifconfig_pool_start;
425 in_addr_t ifconfig_pool_end;
426 in_addr_t ifconfig_pool_netmask;
427 const char *ifconfig_pool_persist_filename;
428 int ifconfig_pool_persist_refresh_freq;
429
430 bool ifconfig_ipv6_pool_defined; /* IPv6 */
431 struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
432 int ifconfig_ipv6_pool_netbits; /* IPv6 */
433
434 int real_hash_size;
435 int virtual_hash_size;
436 const char *client_connect_script;
437 const char *client_disconnect_script;
438 const char *learn_address_script;
439 const char *client_config_dir;
440 bool ccd_exclusive;
441 bool disable;
442 int n_bcast_buf;
443 int tcp_queue_limit;
444 struct iroute *iroutes;
445 struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
446 bool push_ifconfig_defined;
447 in_addr_t push_ifconfig_local;
448 in_addr_t push_ifconfig_remote_netmask;
449 in_addr_t push_ifconfig_local_alias;
450 bool push_ifconfig_constraint_defined;
451 in_addr_t push_ifconfig_constraint_network;
452 in_addr_t push_ifconfig_constraint_netmask;
453 bool push_ifconfig_ipv4_blocked; /* IPv4 */
454 bool push_ifconfig_ipv6_defined; /* IPv6 */
455 struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
456 int push_ifconfig_ipv6_netbits; /* IPv6 */
457 struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
458 bool push_ifconfig_ipv6_blocked; /* IPv6 */
459 bool enable_c2c;
460 bool duplicate_cn;
461 int cf_max;
462 int cf_per;
463 int max_clients;
464 int max_routes_per_client;
465 int stale_routes_check_interval;
466 int stale_routes_ageing_time;
467
468 const char *auth_user_pass_verify_script;
469 bool auth_user_pass_verify_script_via_file;
470 bool auth_token_generate;
471 unsigned int auth_token_lifetime;
472 #if PORT_SHARE
473 char *port_share_host;
474 char *port_share_port;
475 const char *port_share_journal_dir;
476 #endif
477 #endif /* if P2MP_SERVER */
478
479 bool client;
480 bool pull; /* client pull of config options from server */
481 int push_continuation;
482 unsigned int push_option_types_found;
483 const char *auth_user_pass_file;
484 struct options_pre_pull *pre_pull;
485
486 int scheduled_exit_interval;
487
488 #ifdef ENABLE_MANAGEMENT
489 struct static_challenge_info sc_info;
490 #endif
491 #endif /* if P2MP */
492
493 /* Cipher parms */
494 const char *shared_secret_file;
495 const char *shared_secret_file_inline;
496 int key_direction;
497 const char *ciphername;
498 bool ncp_enabled;
499 const char *ncp_ciphers;
500 const char *authname;
501 int keysize;
502 const char *prng_hash;
503 int prng_nonce_secret_len;
504 const char *engine;
505 bool replay;
506 bool mute_replay_warnings;
507 int replay_window;
508 int replay_time;
509 const char *packet_id_file;
510 bool test_crypto;
511 #ifdef ENABLE_PREDICTION_RESISTANCE
512 bool use_prediction_resistance;
513 #endif
514
515 /* TLS (control channel) parms */
516 bool tls_server;
517 bool tls_client;
518 const char *ca_file;
519 const char *ca_path;
520 const char *dh_file;
521 const char *cert_file;
522 const char *extra_certs_file;
523 const char *priv_key_file;
524 const char *pkcs12_file;
525 const char *cipher_list;
526 const char *cipher_list_tls13;
527 const char *tls_cert_profile;
528 const char *ecdh_curve;
529 const char *tls_verify;
530 int verify_x509_type;
531 const char *verify_x509_name;
532 const char *tls_export_cert;
533 const char *crl_file;
534
535 const char *ca_file_inline;
536 const char *cert_file_inline;
537 const char *extra_certs_file_inline;
538 const char *crl_file_inline;
539 char *priv_key_file_inline;
540 const char *dh_file_inline;
541 const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */
542
543 int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
544 unsigned remote_cert_ku[MAX_PARMS];
545 const char *remote_cert_eku;
546 uint8_t *verify_hash;
547 hash_algo_type verify_hash_algo;
548 unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
549
550 #ifdef ENABLE_PKCS11
551 const char *pkcs11_providers[MAX_PARMS];
552 unsigned pkcs11_private_mode[MAX_PARMS];
553 bool pkcs11_protected_authentication[MAX_PARMS];
554 bool pkcs11_cert_private[MAX_PARMS];
555 int pkcs11_pin_cache_period;
556 const char *pkcs11_id;
557 bool pkcs11_id_management;
558 #endif
559
560 #ifdef ENABLE_CRYPTOAPI
561 const char *cryptoapi_cert;
562 #endif
563
564 /* data channel key exchange method */
565 int key_method;
566
567 /* Per-packet timeout on control channel */
568 int tls_timeout;
569
570 /* Data channel key renegotiation parameters */
571 int renegotiate_bytes;
572 int renegotiate_packets;
573 int renegotiate_seconds;
574 int renegotiate_seconds_min;
575
576 /* Data channel key handshake must finalize
577 * within n seconds of handshake initiation. */
578 int handshake_window;
579
580 #ifdef ENABLE_X509ALTUSERNAME
581 /* Field used to be the username in X509 cert. */
582 char *x509_username_field;
583 #endif
584
585 /* Old key allowed to live n seconds after new key goes active */
586 int transition_window;
587
588 /* Shared secret used for TLS control channel authentication */
589 const char *tls_auth_file;
590 const char *tls_auth_file_inline;
591
592 /* Shared secret used for TLS control channel authenticated encryption */
593 const char *tls_crypt_file;
594 const char *tls_crypt_inline;
595
596 /* Client-specific secret or server key used for TLS control channel
597 * authenticated encryption v2 */
598 const char *tls_crypt_v2_file;
599 const char *tls_crypt_v2_inline;
600
601 const char *tls_crypt_v2_metadata;
602
603 const char *tls_crypt_v2_verify_script;
604
605 /* Allow only one session */
606 bool single_session;
607
608 bool push_peer_info;
609
610 bool tls_exit;
611
612 const struct x509_track *x509_track;
613
614 /* special state parms */
615 int foreign_option_index;
616
617 #ifdef _WIN32
618 HANDLE msg_channel;
619 const char *exit_event_name;
620 bool exit_event_initial_state;
621 bool show_net_up;
622 int route_method;
623 bool block_outside_dns;
624 #endif
625
626 bool use_peer_id;
627 uint32_t peer_id;
628
629 #if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000
630 /* Keying Material Exporters [RFC 5705] */
631 const char *keying_material_exporter_label;
632 int keying_material_exporter_length;
633 #endif
634
635 struct pull_filter_list *pull_filter_list;
636
637 /* Useful when packets sent by openvpn itself are not subject
638 * to the routing tables that would move packets into the tunnel. */
639 bool allow_recursive_routing;
640 };
641
642 #define streq(x, y) (!strcmp((x), (y)))
643
644 /*
645 * Option classes.
646 */
647 #define OPT_P_GENERAL (1<<0)
648 #define OPT_P_UP (1<<1)
649 #define OPT_P_ROUTE (1<<2)
650 #define OPT_P_IPWIN32 (1<<3)
651 #define OPT_P_SCRIPT (1<<4)
652 #define OPT_P_SETENV (1<<5)
653 #define OPT_P_SHAPER (1<<6)
654 #define OPT_P_TIMER (1<<7)
655 #define OPT_P_PERSIST (1<<8)
656 #define OPT_P_PERSIST_IP (1<<9)
657 #define OPT_P_COMP (1<<10) /* TODO */
658 #define OPT_P_MESSAGES (1<<11)
659 #define OPT_P_NCP (1<<12) /**< Negotiable crypto parameters */
660 #define OPT_P_TLS_PARMS (1<<13) /* TODO */
661 #define OPT_P_MTU (1<<14) /* TODO */
662 #define OPT_P_NICE (1<<15)
663 #define OPT_P_PUSH (1<<16)
664 #define OPT_P_INSTANCE (1<<17)
665 #define OPT_P_CONFIG (1<<18)
666 #define OPT_P_EXPLICIT_NOTIFY (1<<19)
667 #define OPT_P_ECHO (1<<20)
668 #define OPT_P_INHERIT (1<<21)
669 #define OPT_P_ROUTE_EXTRAS (1<<22)
670 #define OPT_P_PULL_MODE (1<<23)
671 #define OPT_P_PLUGIN (1<<24)
672 #define OPT_P_SOCKBUF (1<<25)
673 #define OPT_P_SOCKFLAGS (1<<26)
674 #define OPT_P_CONNECTION (1<<27)
675 #define OPT_P_PEER_ID (1<<28)
676
677 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
678
679 #if P2MP
680 #define PULL_DEFINED(opt) ((opt)->pull)
681 #if P2MP_SERVER
682 #define PUSH_DEFINED(opt) ((opt)->push_list)
683 #endif
684 #endif
685
686 #ifndef PULL_DEFINED
687 #define PULL_DEFINED(opt) (false)
688 #endif
689
690 #ifndef PUSH_DEFINED
691 #define PUSH_DEFINED(opt) (false)
692 #endif
693
694 #ifdef _WIN32
695 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
696 #else
697 #define ROUTE_OPTION_FLAGS(o) (0)
698 #endif
699
700 #ifdef ENABLE_FEATURE_SHAPER
701 #define SHAPER_DEFINED(opt) ((opt)->shaper)
702 #else
703 #define SHAPER_DEFINED(opt) (false)
704 #endif
705
706 #ifdef ENABLE_PLUGIN
707 #define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
708 #else
709 #define PLUGIN_OPTION_LIST(opt) (NULL)
710 #endif
711
712 #ifdef MANAGEMENT_DEF_AUTH
713 #define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
714 #else
715 #define MAN_CLIENT_AUTH_ENABLED(opt) (false)
716 #endif
717
718 void parse_argv(struct options *options,
719 const int argc,
720 char *argv[],
721 const int msglevel,
722 const unsigned int permission_mask,
723 unsigned int *option_types_found,
724 struct env_set *es);
725
726 void notnull(const char *arg, const char *description);
727
728 void usage_small(void);
729
730 void show_library_versions(const unsigned int flags);
731
732 #ifdef _WIN32
733 void show_windows_version(const unsigned int flags);
734
735 #endif
736
737 void init_options(struct options *o, const bool init_gc);
738
739 void uninit_options(struct options *o);
740
741 void setenv_settings(struct env_set *es, const struct options *o);
742
743 void show_settings(const struct options *o);
744
745 bool string_defined_equal(const char *s1, const char *s2);
746
747 #ifdef ENABLE_OCC
748
749 const char *options_string_version(const char *s, struct gc_arena *gc);
750
751 char *options_string(const struct options *o,
752 const struct frame *frame,
753 struct tuntap *tt,
754 openvpn_net_ctx_t *ctx,
755 bool remote,
756 struct gc_arena *gc);
757
758 bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
759
760 void options_warning_safe(char *actual, const char *expected, size_t actual_n);
761
762 bool options_cmp_equal(char *actual, const char *expected);
763
764 void options_warning(char *actual, const char *expected);
765
766 #endif
767
768 /**
769 * Given an OpenVPN options string, extract the value of an option.
770 *
771 * @param options_string Zero-terminated, comma-separated options string
772 * @param opt_name The name of the option to extract
773 * @param gc The gc to allocate the return value
774 *
775 * @return gc-allocated value of option with name opt_name if option was found,
776 * or NULL otherwise.
777 */
778 char *options_string_extract_option(const char *options_string,
779 const char *opt_name, struct gc_arena *gc);
780
781
782 void options_postprocess(struct options *options);
783
784 void pre_pull_save(struct options *o);
785
786 void pre_pull_restore(struct options *o, struct gc_arena *gc);
787
788 bool apply_push_options(struct options *options,
789 struct buffer *buf,
790 unsigned int permission_mask,
791 unsigned int *option_types_found,
792 struct env_set *es);
793
794 void options_detach(struct options *o);
795
796 void options_server_import(struct options *o,
797 const char *filename,
798 int msglevel,
799 unsigned int permission_mask,
800 unsigned int *option_types_found,
801 struct env_set *es);
802
803 void pre_pull_default(struct options *o);
804
805 void rol_check_alloc(struct options *options);
806
807 int parse_line(const char *line,
808 char *p[],
809 const int n,
810 const char *file,
811 const int line_num,
812 int msglevel,
813 struct gc_arena *gc);
814
815 /*
816 * parse/print topology coding
817 */
818
819 int parse_topology(const char *str, const int msglevel);
820
821 const char *print_topology(const int topology);
822
823 /*
824 * Manage auth-retry variable
825 */
826
827 #if P2MP
828
829 #define AR_NONE 0
830 #define AR_INTERACT 1
831 #define AR_NOINTERACT 2
832
833 int auth_retry_get(void);
834
835 bool auth_retry_set(const int msglevel, const char *option);
836
837 const char *auth_retry_print(void);
838
839 #endif
840
841 void options_string_import(struct options *options,
842 const char *config,
843 const int msglevel,
844 const unsigned int permission_mask,
845 unsigned int *option_types_found,
846 struct env_set *es);
847
848 #endif /* ifndef OPTIONS_H */
Mirror of https://github.com/OpenVPN/openvpn.git