wintun: add --windows-driver config option
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24 /*
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
27 */
28
29 #ifndef OPTIONS_H
30 #define OPTIONS_H
31
32 #include "basic.h"
33 #include "common.h"
34 #include "mtu.h"
35 #include "route.h"
36 #include "tun.h"
37 #include "socket.h"
38 #include "plugin.h"
39 #include "manage.h"
40 #include "proxy.h"
41 #include "comp.h"
42 #include "pushlist.h"
43 #include "clinat.h"
44 #include "crypto_backend.h"
45
46
47 /*
48 * Maximum number of parameters associated with an option,
49 * including the option name itself.
 *
 * This header also uses it as the fixed length of several arrays in
 * struct options (remote_cert_ku and the pkcs11_* arrays), so code that
 * fills those arrays has to stop at MAX_PARMS entries.
50 */
51 #define MAX_PARMS 16
52
53 /*
54 * Max size of options line and parameter.
 *
 * NOTE(review): the checks against these limits live in the parser, not in
 * this header; confirm that over-long input is rejected instead of being
 * silently truncated.
55 */
56 #define OPTION_PARM_SIZE 256
57 #define OPTION_LINE_SIZE 256
58
59 extern const char title_string[];
60
61 #if P2MP
62
63 /* certain options are saved before --pull modifications are applied */
/*
 * Snapshot of the locally configured tun/tap options, the IPv4 and IPv6
 * route lists, the client NAT list and the foreign option index. Each
 * *_defined flag sits next to the value it qualifies.
 *
 * NOTE(review): pre_pull_save() and pre_pull_restore(), declared further
 * down, appear to write and read this snapshot. Confirm that every option
 * class a server is allowed to push is either captured here or reset some
 * other way before the next connection.
 */
64 struct options_pre_pull
65 {
66 bool tuntap_options_defined;
67 struct tuntap_options tuntap_options;
68
69 bool routes_defined;
70 struct route_option_list *routes;
71
72 bool routes_ipv6_defined;
73 struct route_ipv6_option_list *routes_ipv6;
74
75 bool client_nat_defined;
76 struct client_nat_option_list *client_nat;
77
78 int foreign_option_index;
79 };
80
81 #endif
82 #if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
83 #error "At least one of OpenSSL or mbed TLS needs to be defined."
84 #endif
85
/*
 * Settings that belong to one connection profile: addresses and ports,
 * proxy settings, MTU parameters, flags and control channel key settings.
 * struct options embeds one instance (ce) and struct connection_list holds
 * pointers to up to CONNECTION_LIST_SIZE of them.
 */
86 struct connection_entry
87 {
88 int proto;
89 sa_family_t af;
90 const char *local_port;
91 bool local_port_defined;
92 const char *remote_port;
93 const char *local;
94 const char *remote;
95 bool remote_float;
96 bool bind_defined;
97 bool bind_ipv6_only;
98 bool bind_local;
99 int connect_retry_seconds;
100 int connect_retry_seconds_max;
101 int connect_timeout;
102 struct http_proxy_options *http_proxy_options;
103 const char *socks_proxy_server;
104 const char *socks_proxy_port;
/* NOTE(review): presumably the path of a file holding SOCKS credentials;
 * if so it deserves the same file-permission care as the key files below. */
105 const char *socks_proxy_authfile;
106
107 int tun_mtu; /* MTU of tun device */
108 bool tun_mtu_defined; /* true if user overriding parm with command line option */
109 int tun_mtu_extra;
110 bool tun_mtu_extra_defined;
111 int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
112 bool link_mtu_defined; /* true if user overriding parm with command line option */
113
114 /* Advanced MTU negotiation and datagram fragmentation options */
115 int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
116
117 int fragment; /* internal fragmentation size */
118 int mssfix; /* Upper bound on TCP MSS */
119 bool mssfix_default; /* true if --mssfix was supplied without a parameter */
120
121 int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
122
/*
 * Layout of flags: CE_DISABLED and CE_MAN_QUERY_PROXY are single bits
 * (bits 0 and 1). The CE_MAN_QUERY_REMOTE_* names are small values 0..4,
 * not bits. NOTE(review): presumably they are stored in flags as a field
 * read with (flags >> CE_MAN_QUERY_REMOTE_SHIFT) & CE_MAN_QUERY_REMOTE_MASK;
 * confirm against the code that sets them.
 */
123 #define CE_DISABLED (1<<0)
124 #define CE_MAN_QUERY_PROXY (1<<1)
125 #define CE_MAN_QUERY_REMOTE_UNDEF 0
126 #define CE_MAN_QUERY_REMOTE_QUERY 1
127 #define CE_MAN_QUERY_REMOTE_ACCEPT 2
128 #define CE_MAN_QUERY_REMOTE_MOD 3
129 #define CE_MAN_QUERY_REMOTE_SKIP 4
130 #define CE_MAN_QUERY_REMOTE_MASK (0x07)
131 #define CE_MAN_QUERY_REMOTE_SHIFT (2)
132 unsigned int flags;
133
/*
 * The control channel key settings below also exist under the same names
 * in struct options. NOTE(review): which copy takes precedence is decided
 * in code outside this header; confirm before relying on either one.
 */
134 /* Shared secret used for TLS control channel authentication */
135 const char *tls_auth_file;
136 const char *tls_auth_file_inline;
137 int key_direction;
138
139 /* Shared secret used for TLS control channel authenticated encryption */
140 const char *tls_crypt_file;
141 const char *tls_crypt_inline;
142
143 /* Client-specific secret or server key used for TLS control channel
144 * authenticated encryption v2 */
145 const char *tls_crypt_v2_file;
146 const char *tls_crypt_v2_inline;
147 };
148
/*
 * One remote endpoint: host, port, protocol and address family. The four
 * members have the same names and types as the corresponding members of
 * struct connection_entry.
 */
149 struct remote_entry
150 {
151 const char *remote;
152 const char *remote_port;
153 int proto;
154 sa_family_t af;
155 };
156
/* Capacity of the pointer arrays in connection_list and remote_list. */
157 #define CONNECTION_LIST_SIZE 64
158
/*
 * Fixed-capacity list of connection entries. array has
 * CONNECTION_LIST_SIZE slots, so code that appends must check len against
 * that capacity first. len and current are signed int: an index check has
 * to cover the lower bound as well as the upper one.
 * NOTE(review): current presumably indexes the entry in use; confirm.
 */
159 struct connection_list
160 {
161 int len;
162 int current;
163 struct connection_entry *array[CONNECTION_LIST_SIZE];
164 };
165
/*
 * Fixed-capacity list of remote entries. array has CONNECTION_LIST_SIZE
 * slots; len is a signed int, so appends and lookups need to check it
 * against both 0 and CONNECTION_LIST_SIZE.
 */
166 struct remote_list
167 {
168 int len;
169 struct remote_entry *array[CONNECTION_LIST_SIZE];
170 };
171
/*
 * Frame classes for the VLAN settings; struct options stores one of these
 * in vlan_accept next to vlan_tagging and vlan_pvid.
 * NOTE(review): how each value filters frames is implemented outside this
 * header.
 */
172 enum vlan_acceptable_frames
173 {
174 VLAN_ONLY_TAGGED,
175 VLAN_ONLY_UNTAGGED_OR_PRIORITY,
176 VLAN_ALL,
177 };
178
/*
 * Fixed-size storage for a host string and a port string: RH_HOST_LEN and
 * RH_PORT_LEN bytes, including the terminator when the content is a C
 * string. struct options reaches it through rh_store.
 * Code that writes here has to bound every copy to these sizes and decide
 * what happens to a value that does not fit.
 * NOTE(review): confirm how the writer handles truncation.
 */
179 struct remote_host_store
180 {
181 #define RH_HOST_LEN 80
182 char host[RH_HOST_LEN];
183 #define RH_PORT_LEN 20
184 char port[RH_PORT_LEN];
185 };
186
/*
 * Kind of key material to generate. struct options stores it in
 * genkey_type, next to genkey, genkey_filename and genkey_extra_data.
 */
187 enum genkey_type {
188 GENKEY_SECRET,
189 GENKEY_TLS_CRYPTV2_CLIENT,
190 GENKEY_TLS_CRYPTV2_SERVER,
191 GENKEY_AUTH_TOKEN
192 };
193
194 /* Command line options */
/*
 * The complete option set of one OpenVPN instance. Members are grouped by
 * area (networking, misc, routes, management, server, cipher, TLS) and
 * several groups exist only under a build-time feature macro, so the
 * layout of this struct depends on the build configuration.
 *
 * Reading guide for reviewers:
 *  - Members named *_file next to a member named *_inline come in pairs.
 *    The comment on pkcs12_file_inline states that the inline member holds
 *    the content itself; NOTE(review): presumably the other *_inline
 *    members do the same, which means key material can sit in memory owned
 *    by this struct.
 *  - Members named *_script are strings naming something to execute; the
 *    OPT_P_SCRIPT option class below exists for them.
 *  - Fixed arrays are sized by MAX_PARMS.
 */
195 struct options
196 {
197 struct gc_arena gc;
198 bool gc_owned;
199
200 /* first config file */
201 const char *config;
202
203 /* major mode */
204 #define MODE_POINT_TO_POINT 0
205 #define MODE_SERVER 1
206 int mode;
207
208 /* enable forward compatibility for post-2.1 features */
209 bool forward_compatible;
210 /* list of options that should be ignored even if unknown */
211 const char **ignore_unknown_option;
212
213 /* persist parms */
214 bool persist_config;
215 int persist_mode;
216
217 const char *key_pass_file;
218 bool show_ciphers;
219 bool show_digests;
220 bool show_engines;
221 bool show_tls_ciphers;
222 bool show_curves;
223 bool genkey;
224 enum genkey_type genkey_type;
225 const char* genkey_filename;
226 const char* genkey_extra_data;
227
228 /* Networking parms */
229 int connect_retry_max;
230 struct connection_entry ce;
231 struct connection_list *connection_list;
232
233 struct remote_list *remote_list;
234 /* Do not advance the connection or remote addr list */
235 bool no_advance;
236 /* Counts the number of unsuccessful connection attempts */
237 unsigned int unsuccessful_attempts;
238
/* NOTE(review): this guard is "#if ENABLE_MANAGEMENT" while the other
 * management sections of this struct use "#ifdef ENABLE_MANAGEMENT". The
 * two forms disagree when the macro is defined as 0 or defined empty. */
239 #if ENABLE_MANAGEMENT
240 struct http_proxy_options *http_proxy_override;
241 #endif
242
243 struct remote_host_store *rh_store;
244
245 bool remote_random;
246 const char *ipchange;
247 const char *dev;
248 const char *dev_type;
249 const char *dev_node;
250 const char *lladdr;
251 int topology; /* one of the TOP_x values from proto.h */
252 const char *ifconfig_local;
253 const char *ifconfig_remote_netmask;
254 const char *ifconfig_ipv6_local;
255 int ifconfig_ipv6_netbits;
256 const char *ifconfig_ipv6_remote;
257 bool ifconfig_noexec;
258 bool ifconfig_nowarn;
259 #ifdef ENABLE_FEATURE_SHAPER
260 int shaper;
261 #endif
262
263 int proto_force;
264
265 #ifdef ENABLE_OCC
266 bool mtu_test;
267 #endif
268
269 #ifdef ENABLE_MEMSTATS
270 char *memstats_fn;
271 #endif
272
273 bool mlock;
274
275 int keepalive_ping; /* a proxy for ping/ping-restart */
276 int keepalive_timeout;
277
278 int inactivity_timeout; /* --inactive */
279 int inactivity_minimum_bytes;
280
281 int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
282 int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
283 bool ping_timer_remote; /* Run ping timer only if we have a remote address */
284
285 #define PING_UNDEF 0
286 #define PING_EXIT 1
287 #define PING_RESTART 2
288 int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
289
290 bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
291 bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
292 bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
293 bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
294
295 #if PASSTOS_CAPABILITY
296 bool passtos;
297 #endif
298
299 int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
300 bool resolve_in_advance;
301 const char *ip_remote_hint;
302
303 struct tuntap_options tuntap_options;
304
305 /* Misc parms */
/* NOTE(review): username, groupname, chroot_dir and selinux_context look
 * like the privilege-reduction settings. When they are applied relative to
 * script and plugin execution is decided outside this header; confirm. */
306 const char *username;
307 const char *groupname;
308 const char *chroot_dir;
309 const char *cd_dir;
310 #ifdef ENABLE_SELINUX
311 char *selinux_context;
312 #endif
313 const char *writepid;
/* Script hooks: strings naming something to execute.
 * NOTE(review): user_script_used presumably records that at least one
 * user-defined script is configured; confirm where it is set. */
314 const char *up_script;
315 const char *down_script;
316 bool user_script_used;
317 bool down_pre;
318 bool up_delay;
319 bool up_restart;
320 bool daemon;
321
322 int remap_sigusr1;
323
324 /* inetd modes defined in socket.h */
325 int inetd;
326
327 bool log;
328 bool suppress_timestamps;
329 bool machine_readable_output;
330 int nice;
331 int verbosity;
332 int mute;
333
334 #ifdef ENABLE_DEBUG
335 int gremlin;
336 #endif
337
338 const char *status_file;
339 int status_file_version;
340 int status_file_update_freq;
341
342 /* optimize TUN/TAP/UDP writes */
343 bool fast_io;
344
345 #ifdef USE_COMP
346 struct compress_options comp;
347 #endif
348
349 /* buffer sizes */
350 int rcvbuf;
351 int sndbuf;
352
353 /* mark value */
354 int mark;
355
356 /* socket flags */
357 unsigned int sockflags;
358
359 /* route management */
360 const char *route_script;
361 const char *route_predown_script;
362 const char *route_default_gateway;
363 const char *route_ipv6_default_gateway;
364 int route_default_metric;
365 bool route_noexec;
366 int route_delay;
367 int route_delay_window;
368 bool route_delay_defined;
369 struct route_option_list *routes;
370 struct route_ipv6_option_list *routes_ipv6; /* IPv6 */
371 bool block_ipv6;
372 bool route_nopull;
373 bool route_gateway_via_dhcp;
374 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
375 struct client_nat_option_list *client_nat;
376
377 #ifdef ENABLE_OCC
378 /* Enable options consistency check between peers */
379 bool occ;
380 #endif
381
382 #ifdef ENABLE_MANAGEMENT
383 const char *management_addr;
384 const char *management_port;
/* NOTE(review): presumably names the source of the management interface
 * password; confirm, and treat it like the other secret-bearing paths. */
385 const char *management_user_pass;
386 int management_log_history_cache;
387 int management_echo_buffer_size;
388 int management_state_buffer_size;
389 const char *management_write_peer_info_file;
390
391 const char *management_client_user;
392 const char *management_client_group;
393
394 /* Mask of MF_ values of manage.h */
395 unsigned int management_flags;
396 const char *management_certificate;
397 #endif
398
399 #ifdef ENABLE_PLUGIN
400 struct plugin_option_list *plugin_list;
401 #endif
402
403
404
405 #if P2MP
406
407 #if P2MP_SERVER
408 /* the tmp dir is for now only used in the P2P server context */
409 const char *tmp_dir;
410 bool server_defined;
411 in_addr_t server_network;
412 in_addr_t server_netmask;
413 bool server_ipv6_defined; /* IPv6 */
414 struct in6_addr server_network_ipv6; /* IPv6 */
415 unsigned int server_netbits_ipv6; /* IPv6 */
416
417 #define SF_NOPOOL (1<<0)
418 #define SF_TCP_NODELAY_HELPER (1<<1)
419 #define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
420 unsigned int server_flags;
421
422 bool server_bridge_proxy_dhcp;
423
424 bool server_bridge_defined;
425 in_addr_t server_bridge_ip;
426 in_addr_t server_bridge_netmask;
427 in_addr_t server_bridge_pool_start;
428 in_addr_t server_bridge_pool_end;
429
/* push_list is a struct held by value here, not a pointer. */
430 struct push_list push_list;
431 bool ifconfig_pool_defined;
432 in_addr_t ifconfig_pool_start;
433 in_addr_t ifconfig_pool_end;
434 in_addr_t ifconfig_pool_netmask;
435 const char *ifconfig_pool_persist_filename;
436 int ifconfig_pool_persist_refresh_freq;
437
438 bool ifconfig_ipv6_pool_defined; /* IPv6 */
439 struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
440 int ifconfig_ipv6_pool_netbits; /* IPv6 */
441
442 int real_hash_size;
443 int virtual_hash_size;
/* Server-side script hooks and the per-client configuration directory.
 * NOTE(review): these hooks presumably run with data that originates from
 * connecting clients; confirm how that data is passed and sanitised. */
444 const char *client_connect_script;
445 const char *client_disconnect_script;
446 const char *learn_address_script;
447 const char *client_config_dir;
448 bool ccd_exclusive;
449 bool disable;
450 int n_bcast_buf;
451 int tcp_queue_limit;
452 struct iroute *iroutes;
453 struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
454 bool push_ifconfig_defined;
455 in_addr_t push_ifconfig_local;
456 in_addr_t push_ifconfig_remote_netmask;
457 in_addr_t push_ifconfig_local_alias;
458 bool push_ifconfig_constraint_defined;
459 in_addr_t push_ifconfig_constraint_network;
460 in_addr_t push_ifconfig_constraint_netmask;
461 bool push_ifconfig_ipv4_blocked; /* IPv4 */
462 bool push_ifconfig_ipv6_defined; /* IPv6 */
463 struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
464 int push_ifconfig_ipv6_netbits; /* IPv6 */
465 struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
466 bool push_ifconfig_ipv6_blocked; /* IPv6 */
467 bool enable_c2c;
468 bool duplicate_cn;
469 int cf_max;
470 int cf_per;
471 int max_clients;
472 int max_routes_per_client;
473 int stale_routes_check_interval;
474 int stale_routes_ageing_time;
475
/* Username/password verification hook and auth-token settings.
 * NOTE(review): auth_user_pass_verify_script_via_file presumably selects
 * whether credentials reach the script through a file; if so the location
 * and permissions of that file (see tmp_dir above) matter. Confirm. */
476 const char *auth_user_pass_verify_script;
477 bool auth_user_pass_verify_script_via_file;
478 bool auth_token_generate;
479 bool auth_token_gen_secret_file;
480 bool auth_token_call_auth;
481 int auth_token_lifetime;
482 const char *auth_token_secret_file;
483 const char *auth_token_secret_file_inline;
484
485 #if PORT_SHARE
486 char *port_share_host;
487 char *port_share_port;
488 const char *port_share_journal_dir;
489 #endif
490 #endif /* if P2MP_SERVER */
491
492 bool client;
493 bool pull; /* client pull of config options from server */
494 int push_continuation;
495 unsigned int push_option_types_found;
496 const char *auth_user_pass_file;
497 struct options_pre_pull *pre_pull;
498
499 int scheduled_exit_interval;
500
501 #ifdef ENABLE_MANAGEMENT
502 struct static_challenge_info sc_info;
503 #endif
504 #endif /* if P2MP */
505
506 /* Cipher parms */
507 const char *shared_secret_file;
508 const char *shared_secret_file_inline;
509 int key_direction;
510 const char *ciphername;
511 bool ncp_enabled;
512 const char *ncp_ciphers;
513 const char *authname;
514 int keysize;
515 const char *prng_hash;
516 int prng_nonce_secret_len;
517 const char *engine;
518 bool replay;
519 bool mute_replay_warnings;
520 int replay_window;
521 int replay_time;
522 const char *packet_id_file;
523 bool test_crypto;
524 #ifdef ENABLE_PREDICTION_RESISTANCE
525 bool use_prediction_resistance;
526 #endif
527
528 /* TLS (control channel) parms */
529 bool tls_server;
530 bool tls_client;
531 const char *ca_file;
532 const char *ca_path;
533 const char *dh_file;
534 const char *cert_file;
535 const char *extra_certs_file;
536 const char *priv_key_file;
537 const char *pkcs12_file;
538 const char *cipher_list;
539 const char *cipher_list_tls13;
540 const char *tls_cert_profile;
541 const char *ecdh_curve;
542 const char *tls_verify;
543 int verify_x509_type;
544 const char *verify_x509_name;
545 const char *tls_export_cert;
546 const char *crl_file;
547
548 const char *ca_file_inline;
549 const char *cert_file_inline;
550 const char *extra_certs_file_inline;
551 const char *crl_file_inline;
/* priv_key_file_inline is the only member of this group that is a
 * non-const char pointer. NOTE(review): presumably so the key text can be
 * overwritten in place once it has been loaded; confirm where that is
 * done. */
552 char *priv_key_file_inline;
553 const char *dh_file_inline;
554 const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */
555
556 int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
557 unsigned remote_cert_ku[MAX_PARMS];
558 const char *remote_cert_eku;
/* No length is stored with verify_hash. NOTE(review): consumers presumably
 * derive the digest size from verify_hash_algo; confirm that the buffer is
 * always allocated to match. */
559 uint8_t *verify_hash;
560 hash_algo_type verify_hash_algo;
561 unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
562
563 #ifdef ENABLE_PKCS11
564 const char *pkcs11_providers[MAX_PARMS];
565 unsigned pkcs11_private_mode[MAX_PARMS];
566 bool pkcs11_protected_authentication[MAX_PARMS];
567 bool pkcs11_cert_private[MAX_PARMS];
568 int pkcs11_pin_cache_period;
569 const char *pkcs11_id;
570 bool pkcs11_id_management;
571 #endif
572
573 #ifdef ENABLE_CRYPTOAPI
574 const char *cryptoapi_cert;
575 #endif
576
577 /* data channel key exchange method */
578 int key_method;
579
580 /* Per-packet timeout on control channel */
581 int tls_timeout;
582
583 /* Data channel key renegotiation parameters */
584 int renegotiate_bytes;
585 int renegotiate_packets;
586 int renegotiate_seconds;
587 int renegotiate_seconds_min;
588
589 /* Data channel key handshake must finalize
590 * within n seconds of handshake initiation. */
591 int handshake_window;
592
593 #ifdef ENABLE_X509ALTUSERNAME
594 /* Field used to be the username in X509 cert. */
595 char *x509_username_field;
596 #endif
597
598 /* Old key allowed to live n seconds after new key goes active */
599 int transition_window;
600
/* The control channel key settings below also exist under the same names
 * in struct connection_entry. */
601 /* Shared secret used for TLS control channel authentication */
602 const char *tls_auth_file;
603 const char *tls_auth_file_inline;
604
605 /* Shared secret used for TLS control channel authenticated encryption */
606 const char *tls_crypt_file;
607 const char *tls_crypt_inline;
608
609 /* Client-specific secret or server key used for TLS control channel
610 * authenticated encryption v2 */
611 const char *tls_crypt_v2_file;
612 const char *tls_crypt_v2_inline;
613
614 const char *tls_crypt_v2_metadata;
615
616 const char *tls_crypt_v2_verify_script;
617
618 /* Allow only one session */
619 bool single_session;
620
621 bool push_peer_info;
622
623 bool tls_exit;
624
625 const struct x509_track *x509_track;
626
627 /* special state parms */
628 int foreign_option_index;
629
630 #ifdef _WIN32
631 HANDLE msg_channel;
632 const char *exit_event_name;
633 bool exit_event_initial_state;
634 bool show_net_up;
635 int route_method;
636 bool block_outside_dns;
637 bool wintun;
638 #endif
639
640 bool use_peer_id;
641 uint32_t peer_id;
642
643 #if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000
644 /* Keying Material Exporters [RFC 5705] */
645 const char *keying_material_exporter_label;
646 int keying_material_exporter_length;
647 #endif
648
649 bool vlan_tagging;
650 enum vlan_acceptable_frames vlan_accept;
651 uint16_t vlan_pvid;
652
653 struct pull_filter_list *pull_filter_list;
654
655 /* Useful when packets sent by openvpn itself are not subject
656 * to the routing tables that would move packets into the tunnel. */
657 bool allow_recursive_routing;
658 };
659
/*
 * String equality through strcmp(). Both arguments must be non-NULL,
 * NUL-terminated strings; a NULL argument is undefined behaviour.
 * strcmp() makes no constant-time guarantee, so this macro fits option
 * names and keywords, not comparisons of secrets such as tokens or
 * password digests.
 */
660 #define streq(x, y) (!strcmp((x), (y)))
661
662 /*
663 * Option classes.
 *
 * Each class is a single bit. The parsing entry points declared below
 * (parse_argv, apply_push_options, options_server_import,
 * options_string_import) take an unsigned int permission_mask and report
 * through an unsigned int option_types_found.
 * NOTE(review): presumably both are built from these bits, with the mask
 * limiting which classes a given source (command line, options pushed by a
 * server, a per-client file) may set; confirm in the parser. When a new
 * option is added, the class it is given decides which sources can set it.
664 */
665 #define OPT_P_GENERAL (1<<0)
666 #define OPT_P_UP (1<<1)
667 #define OPT_P_ROUTE (1<<2)
668 #define OPT_P_IPWIN32 (1<<3)
669 #define OPT_P_SCRIPT (1<<4)
670 #define OPT_P_SETENV (1<<5)
671 #define OPT_P_SHAPER (1<<6)
672 #define OPT_P_TIMER (1<<7)
673 #define OPT_P_PERSIST (1<<8)
674 #define OPT_P_PERSIST_IP (1<<9)
675 #define OPT_P_COMP (1<<10) /* TODO */
676 #define OPT_P_MESSAGES (1<<11)
677 #define OPT_P_NCP (1<<12) /**< Negotiable crypto parameters */
678 #define OPT_P_TLS_PARMS (1<<13) /* TODO */
679 #define OPT_P_MTU (1<<14) /* TODO */
680 #define OPT_P_NICE (1<<15)
681 #define OPT_P_PUSH (1<<16)
682 #define OPT_P_INSTANCE (1<<17)
683 #define OPT_P_CONFIG (1<<18)
684 #define OPT_P_EXPLICIT_NOTIFY (1<<19)
685 #define OPT_P_ECHO (1<<20)
686 #define OPT_P_INHERIT (1<<21)
687 #define OPT_P_ROUTE_EXTRAS (1<<22)
688 #define OPT_P_PULL_MODE (1<<23)
689 #define OPT_P_PLUGIN (1<<24)
690 #define OPT_P_SOCKBUF (1<<25)
691 #define OPT_P_SOCKFLAGS (1<<26)
692 #define OPT_P_CONNECTION (1<<27)
693 #define OPT_P_PEER_ID (1<<28)
694
/*
 * Every class except OPT_P_INSTANCE and OPT_P_PULL_MODE. The operands are
 * int, so the result of ~ is a negative int; it becomes the intended bit
 * pattern only after conversion to unsigned int at the point of use.
 */
695 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
696
/*
 * Accessor macros that read a member of struct options when the feature is
 * compiled in and expand to a constant otherwise, so callers need no
 * feature guards of their own.
 */
697 #if P2MP
698 #define PULL_DEFINED(opt) ((opt)->pull)
699 #if P2MP_SERVER
/* NOTE(review): struct options declares push_list as a struct held by
 * value, so this expansion has struct type and cannot serve as a condition
 * the way the (false) fallback below can. Check whether anything still
 * uses this macro. */
700 #define PUSH_DEFINED(opt) ((opt)->push_list)
701 #endif
702 #endif
703
704 #ifndef PULL_DEFINED
705 #define PULL_DEFINED(opt) (false)
706 #endif
707
708 #ifndef PUSH_DEFINED
709 #define PUSH_DEFINED(opt) (false)
710 #endif
711
712 #ifdef _WIN32
713 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
714 #else
715 #define ROUTE_OPTION_FLAGS(o) (0)
716 #endif
717
718 #ifdef ENABLE_FEATURE_SHAPER
719 #define SHAPER_DEFINED(opt) ((opt)->shaper)
720 #else
721 #define SHAPER_DEFINED(opt) (false)
722 #endif
723
724 #ifdef ENABLE_PLUGIN
725 #define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
726 #else
727 #define PLUGIN_OPTION_LIST(opt) (NULL)
728 #endif
729
/* NOTE(review): this macro is guarded by MANAGEMENT_DEF_AUTH, but the
 * management_flags member it reads is declared under ENABLE_MANAGEMENT.
 * Presumably the first implies the second; confirm in the build headers. */
730 #ifdef MANAGEMENT_DEF_AUTH
731 #define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
732 #else
733 #define MAN_CLIENT_AUTH_ENABLED(opt) (false)
734 #endif
735
/*
 * Command line entry point of the option parser.
 * NOTE(review): permission_mask and option_types_found are unsigned int
 * bit sets, presumably of OPT_P_* classes (allowed classes in, classes
 * seen out); confirm in the implementation.
 */
736 void parse_argv(struct options *options,
737 const int argc,
738 char *argv[],
739 const int msglevel,
740 const unsigned int permission_mask,
741 unsigned int *option_types_found,
742 struct env_set *es);
743
744 void notnull(const char *arg, const char *description);
745
746 void usage_small(void);
747
748 void show_library_versions(const unsigned int flags);
749
750 #ifdef _WIN32
751 void show_windows_version(const unsigned int flags);
752
753 #endif
754
/* NOTE(review): init_gc presumably decides whether o->gc is initialised
 * here and recorded in o->gc_owned; confirm, since it determines who frees
 * the strings that hang off the struct. */
755 void init_options(struct options *o, const bool init_gc);
756
757 void uninit_options(struct options *o);
758
759 void setenv_settings(struct env_set *es, const struct options *o);
760
761 void show_settings(const struct options *o);
762
763 bool string_defined_equal(const char *s1, const char *s2);
764
/* Declarations for the options consistency check, built only with
 * ENABLE_OCC. */
765 #ifdef ENABLE_OCC
766
767 const char *options_string_version(const char *s, struct gc_arena *gc);
768
769 char *options_string(const struct options *o,
770 const struct frame *frame,
771 struct tuntap *tt,
772 openvpn_net_ctx_t *ctx,
773 bool remote,
774 struct gc_arena *gc);
775
/*
 * The *_safe variants take actual_n in addition to the two strings; the
 * plain variants below do not. In all four, actual is a non-const pointer.
 * NOTE(review): presumably actual is the string received from the peer and
 * actual_n bounds how much of it is read, which would make the *_safe
 * variants the ones to use on network data; confirm, and confirm whether
 * the buffer behind actual is modified.
 */
776 bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);
777
778 void options_warning_safe(char *actual, const char *expected, size_t actual_n);
779
780 bool options_cmp_equal(char *actual, const char *expected);
781
782 void options_warning(char *actual, const char *expected);
783
784 #endif
785
786 /**
787 * Given an OpenVPN options string, extract the value of an option.
788 *
789 * @param options_string Zero-terminated, comma-separated options string
790 * @param opt_name The name of the option to extract
791 * @param gc The gc to allocate the return value
792 *
793 * @return gc-allocated value of option with name opt_name if option was found,
794 * or NULL otherwise.
795 */
796 char *options_string_extract_option(const char *options_string,
797 const char *opt_name, struct gc_arena *gc);
798
799
800 void options_postprocess(struct options *options);
801
/* NOTE(review): these two presumably fill and re-apply the
 * struct options_pre_pull snapshot reached through o->pre_pull; confirm. */
802 void pre_pull_save(struct options *o);
803
804 void pre_pull_restore(struct options *o, struct gc_arena *gc);
805
/*
 * Applies options taken from buf to *options.
 * NOTE(review): going by the name, buf carries options pushed by the
 * remote side, which makes permission_mask the control that limits what a
 * peer can change locally; confirm which OPT_P_* classes callers pass.
 */
806 bool apply_push_options(struct options *options,
807 struct buffer *buf,
808 unsigned int permission_mask,
809 unsigned int *option_types_found,
810 struct env_set *es);
811
812 void options_detach(struct options *o);
813
/* Reads options from the file named by filename into *o, under the same
 * permission_mask / option_types_found convention as the other import
 * functions in this header. */
814 void options_server_import(struct options *o,
815 const char *filename,
816 int msglevel,
817 unsigned int permission_mask,
818 unsigned int *option_types_found,
819 struct env_set *es);
820
821 void pre_pull_default(struct options *o);
822
823 void rol_check_alloc(struct options *options);
824
/*
 * NOTE(review): presumably splits line into parameters stored in p[], with
 * n the number of slots available in p (callers would pass MAX_PARMS or
 * the size of their array); confirm, because a wrong n is what would let
 * the parser write past the end of p.
 */
825 int parse_line(const char *line,
826 char *p[],
827 const int n,
828 const char *file,
829 const int line_num,
830 int msglevel,
831 struct gc_arena *gc);
832
833 /*
834 * parse/print topology coding
835 */
836
837 int parse_topology(const char *str, const int msglevel);
838
839 const char *print_topology(const int topology);
840
841 /*
842 * Manage auth-retry variable
843 */
844
845 #if P2MP
846
847 #define AR_NONE 0
848 #define AR_INTERACT 1
849 #define AR_NOINTERACT 2
850
851 int auth_retry_get(void);
852
853 bool auth_retry_set(const int msglevel, const char *option);
854
855 const char *auth_retry_print(void);
856
857 #endif
858
/* Imports options from the string config into *options, under the same
 * permission_mask / option_types_found convention as parse_argv.
 * NOTE(review): the source of config at each call site decides how
 * restrictive permission_mask has to be; confirm per caller. */
859 void options_string_import(struct options *options,
860 const char *config,
861 const int msglevel,
862 const unsigned int permission_mask,
863 unsigned int *option_types_found,
864 struct env_set *es);
865
866 #endif /* ifndef OPTIONS_H */