2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 * 2004-01-28: Added Socks5 proxy support
26 * (Christof Meerwald, http://cmeerw.org)
44 #include "crypto_backend.h"
49 * Maximum number of parameters associated with an option,
50 * including the option name itself.
55 * Max size of options line and parameter.
57 #define OPTION_PARM_SIZE 256
58 #define OPTION_LINE_SIZE 256
60 extern const char title_string
[];
62 /* certain options are saved before --pull modifications are applied */
63 struct options_pre_connect
65 bool tuntap_options_defined
;
66 struct tuntap_options tuntap_options
;
69 struct route_option_list
*routes
;
71 bool routes_ipv6_defined
;
72 struct route_ipv6_option_list
*routes_ipv6
;
74 const char *route_default_gateway
;
75 const char *route_ipv6_default_gateway
;
77 bool client_nat_defined
;
78 struct client_nat_option_list
*client_nat
;
80 struct dns_options dns_options
;
82 const char *ciphername
;
85 int ping_send_timeout
;
87 int ping_rec_timeout_action
;
89 int foreign_option_index
;
90 struct compress_options comp
;
93 #if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
94 #error "At least one of OpenSSL or mbed TLS needs to be defined."
97 struct connection_entry
101 const char *local_port
;
102 bool local_port_defined
;
103 const char *remote_port
;
110 int connect_retry_seconds
;
111 int connect_retry_seconds_max
;
113 struct http_proxy_options
*http_proxy_options
;
114 const char *socks_proxy_server
;
115 const char *socks_proxy_port
;
116 const char *socks_proxy_authfile
;
118 int tun_mtu
; /* MTU of tun device */
119 int occ_mtu
; /* if non-null, this is the MTU we announce to peers in OCC */
120 int tun_mtu_max
; /* maximum MTU that can be pushed */
122 bool tun_mtu_defined
; /* true if user overriding parm with command line option */
124 bool tun_mtu_extra_defined
;
125 int link_mtu
; /* MTU of device over which tunnel packets pass via TCP/UDP */
126 bool link_mtu_defined
; /* true if user overriding parm with command line option */
127 int tls_mtu
; /* Maximum MTU for the control channel messages */
129 /* Advanced MTU negotiation and datagram fragmentation options */
130 int mtu_discover_type
; /* used if OS supports setting Path MTU discovery options on socket */
132 int fragment
; /* internal fragmentation size */
133 bool fragment_encap
; /* true if --fragment had the "mtu" parameter to
134 * include overhead from IP and TCP/UDP encapsulation */
135 int mssfix
; /* Upper bound on TCP MSS */
136 bool mssfix_default
; /* true if --mssfix should use the default parameters */
137 bool mssfix_encap
; /* true if --mssfix had the "mtu" parameter to include
138 * overhead from IP and TCP/UDP encapsulation */
139 bool mssfix_fixed
; /* use the mssfix value without any encapsulation adjustments */
141 int explicit_exit_notification
; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */
143 #define CE_DISABLED (1<<0)
144 #define CE_MAN_QUERY_PROXY (1<<1)
145 #define CE_MAN_QUERY_REMOTE_UNDEF 0
146 #define CE_MAN_QUERY_REMOTE_QUERY 1
147 #define CE_MAN_QUERY_REMOTE_ACCEPT 2
148 #define CE_MAN_QUERY_REMOTE_MOD 3
149 #define CE_MAN_QUERY_REMOTE_SKIP 4
150 #define CE_MAN_QUERY_REMOTE_MASK (0x07)
151 #define CE_MAN_QUERY_REMOTE_SHIFT (2)
154 /* Shared secret used for TLS control channel authentication */
155 const char *tls_auth_file
;
156 bool tls_auth_file_inline
;
159 /* Shared secret used for TLS control channel authenticated encryption */
160 const char *tls_crypt_file
;
161 bool tls_crypt_file_inline
;
163 /* Client-specific secret or server key used for TLS control channel
164 * authenticated encryption v2 */
165 const char *tls_crypt_v2_file
;
166 bool tls_crypt_v2_file_inline
;
168 /* Allow only client that support resending the wrapped client key */
169 bool tls_crypt_v2_force_cookie
;
175 const char *remote_port
;
180 #define CONNECTION_LIST_SIZE 64
182 struct connection_list
187 struct connection_entry
**array
;
194 struct remote_entry
**array
;
199 /* Names of the providers */
200 const char *names
[MAX_PARMS
];
201 /* Pointers to the loaded providers to unload them */
202 provider_t
*providers
[MAX_PARMS
];
205 enum vlan_acceptable_frames
208 VLAN_ONLY_UNTAGGED_OR_PRIORITY
,
212 struct remote_host_store
214 #define RH_HOST_LEN 80
215 char host
[RH_HOST_LEN
];
216 #define RH_PORT_LEN 20
217 char port
[RH_PORT_LEN
];
222 GENKEY_TLS_CRYPTV2_CLIENT
,
223 GENKEY_TLS_CRYPTV2_SERVER
,
227 struct verify_hash_list
229 /* We support SHA256 and SHA1 fingerpint. In the case of using the
230 * deprecated SHA1, only the first 20 bytes of each list item are used */
231 uint8_t hash
[SHA256_DIGEST_LENGTH
];
232 struct verify_hash_list
*next
;
235 /* Command line options */
241 /* first config file */
245 #define MODE_POINT_TO_POINT 0
246 #define MODE_SERVER 1
249 /* enable forward compatibility for post-2.1 features */
250 bool forward_compatible
;
251 /** What version we should try to be compatible with as major * 10000 +
252 * minor * 100 + patch, e.g. 2.4.7 => 20407 */
253 unsigned int backwards_compatible
;
255 /* list of options that should be ignored even if unknown */
256 const char **ignore_unknown_option
;
262 const char *key_pass_file
;
266 bool show_tls_ciphers
;
269 enum genkey_type genkey_type
;
270 const char *genkey_filename
;
271 const char *genkey_extra_data
;
273 /* Networking parms */
274 int connect_retry_max
;
275 struct connection_entry ce
;
276 struct connection_list
*connection_list
;
278 struct remote_list
*remote_list
;
279 /* Do not advance the connection or remote addr list */
281 /* Advance directly to the next remote, skipping remaining addresses of the
283 bool advance_next_remote
;
284 /* Counts the number of unsuccessful connection attempts */
285 unsigned int unsuccessful_attempts
;
286 /* count of connection entries to advance by when no_advance is not set */
287 int ce_advance_count
;
288 /* the server can suggest a backoff time to the client, it
289 * will still be capped by the max timeout between connections
290 * (300s by default) */
291 int server_backoff_time
;
293 #if ENABLE_MANAGEMENT
294 struct http_proxy_options
*http_proxy_override
;
297 struct remote_host_store
*rh_store
;
299 struct dns_options dns_options
;
302 const char *ipchange
;
304 const char *dev_type
;
305 const char *dev_node
;
307 int topology
; /* one of the TOP_x values from proto.h */
308 const char *ifconfig_local
;
309 const char *ifconfig_remote_netmask
;
310 const char *ifconfig_ipv6_local
;
311 int ifconfig_ipv6_netbits
;
312 const char *ifconfig_ipv6_remote
;
313 bool ifconfig_noexec
;
314 bool ifconfig_nowarn
;
321 #ifdef ENABLE_MEMSTATS
327 int keepalive_ping
; /* a proxy for ping/ping-restart */
328 int keepalive_timeout
;
330 int inactivity_timeout
; /* --inactive */
331 int64_t inactivity_minimum_bytes
;
333 int session_timeout
; /* Force-kill session after n seconds */
335 int ping_send_timeout
; /* Send a TCP/UDP ping to remote every n seconds */
336 int ping_rec_timeout
; /* Expect a TCP/UDP ping from remote at least once every n seconds */
337 bool ping_timer_remote
; /* Run ping timer only if we have a remote address */
341 #define PING_RESTART 2
342 int ping_rec_timeout_action
; /* What action to take on ping_rec_timeout (exit or restart)? */
344 bool persist_tun
; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
345 bool persist_local_ip
; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
346 bool persist_remote_ip
; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
347 bool persist_key
; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
349 #if PASSTOS_CAPABILITY
353 int resolve_retry_seconds
; /* If hostname resolve fails, retry for n seconds */
354 bool resolve_in_advance
;
355 const char *ip_remote_hint
;
357 struct tuntap_options tuntap_options
;
360 const char *username
;
361 const char *groupname
;
362 const char *chroot_dir
;
364 #ifdef ENABLE_SELINUX
365 char *selinux_context
;
367 const char *writepid
;
368 const char *up_script
;
369 const char *down_script
;
370 bool user_script_used
;
379 bool suppress_timestamps
;
380 bool machine_readable_output
;
389 const char *status_file
;
390 int status_file_version
;
391 int status_file_update_freq
;
393 /* optimize TUN/TAP/UDP writes */
396 struct compress_options comp
;
407 unsigned int sockflags
;
409 /* route management */
410 const char *route_script
;
411 const char *route_predown_script
;
412 const char *route_default_gateway
;
413 const char *route_ipv6_default_gateway
;
414 int route_default_metric
;
417 int route_delay_window
;
418 bool route_delay_defined
;
419 struct route_option_list
*routes
;
420 struct route_ipv6_option_list
*routes_ipv6
; /* IPv6 */
423 bool route_gateway_via_dhcp
;
424 bool allow_pull_fqdn
; /* as a client, allow server to push a FQDN for certain parameters */
425 struct client_nat_option_list
*client_nat
;
427 /* Enable options consistency check between peers */
430 #ifdef ENABLE_MANAGEMENT
431 const char *management_addr
;
432 const char *management_port
;
433 const char *management_user_pass
;
434 int management_log_history_cache
;
435 int management_echo_buffer_size
;
436 int management_state_buffer_size
;
438 const char *management_client_user
;
439 const char *management_client_group
;
441 const char *management_certificate
;
443 /* Mask of MF_ values of manage.h */
444 unsigned int management_flags
;
447 struct plugin_option_list
*plugin_list
;
450 /* the tmp dir is for now only used in the P2P server context */
453 in_addr_t server_network
;
454 in_addr_t server_netmask
;
455 bool server_ipv6_defined
; /* IPv6 */
456 struct in6_addr server_network_ipv6
; /* IPv6 */
457 unsigned int server_netbits_ipv6
; /* IPv6 */
459 #define SF_NOPOOL (1<<0)
460 #define SF_TCP_NODELAY_HELPER (1<<1)
461 #define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
462 unsigned int server_flags
;
464 bool server_bridge_proxy_dhcp
;
466 bool server_bridge_defined
;
467 in_addr_t server_bridge_ip
;
468 in_addr_t server_bridge_netmask
;
469 in_addr_t server_bridge_pool_start
;
470 in_addr_t server_bridge_pool_end
;
472 struct push_list push_list
;
473 bool ifconfig_pool_defined
;
474 in_addr_t ifconfig_pool_start
;
475 in_addr_t ifconfig_pool_end
;
476 in_addr_t ifconfig_pool_netmask
;
477 const char *ifconfig_pool_persist_filename
;
478 int ifconfig_pool_persist_refresh_freq
;
480 bool ifconfig_ipv6_pool_defined
; /* IPv6 */
481 struct in6_addr ifconfig_ipv6_pool_base
; /* IPv6 */
482 int ifconfig_ipv6_pool_netbits
; /* IPv6 */
485 int virtual_hash_size
;
486 const char *client_connect_script
;
487 const char *client_disconnect_script
;
488 const char *learn_address_script
;
489 const char *client_crresponse_script
;
490 const char *client_config_dir
;
495 struct iroute
*iroutes
;
496 struct iroute_ipv6
*iroutes_ipv6
; /* IPv6 */
497 bool push_ifconfig_defined
;
498 in_addr_t push_ifconfig_local
;
499 in_addr_t push_ifconfig_remote_netmask
;
500 in_addr_t push_ifconfig_local_alias
;
501 bool push_ifconfig_constraint_defined
;
502 in_addr_t push_ifconfig_constraint_network
;
503 in_addr_t push_ifconfig_constraint_netmask
;
504 bool push_ifconfig_ipv4_blocked
; /* IPv4 */
505 bool push_ifconfig_ipv6_defined
; /* IPv6 */
506 struct in6_addr push_ifconfig_ipv6_local
; /* IPv6 */
507 int push_ifconfig_ipv6_netbits
; /* IPv6 */
508 struct in6_addr push_ifconfig_ipv6_remote
; /* IPv6 */
509 bool push_ifconfig_ipv6_blocked
; /* IPv6 */
520 int max_routes_per_client
;
521 int stale_routes_check_interval
;
522 int stale_routes_ageing_time
;
524 const char *auth_user_pass_verify_script
;
525 bool auth_user_pass_verify_script_via_file
;
526 bool auth_token_generate
;
527 bool auth_token_call_auth
;
528 int auth_token_lifetime
;
529 int auth_token_renewal
;
530 const char *auth_token_secret_file
;
531 bool auth_token_secret_file_inline
;
534 char *port_share_host
;
535 char *port_share_port
;
536 const char *port_share_journal_dir
;
540 bool pull
; /* client pull of config options from server */
541 int push_continuation
;
542 unsigned int push_option_types_found
;
543 const char *auth_user_pass_file
;
544 bool auth_user_pass_file_inline
;
545 struct options_pre_connect
*pre_connect
;
547 int scheduled_exit_interval
;
549 #ifdef ENABLE_MANAGEMENT
550 struct static_challenge_info sc_info
;
553 const char *shared_secret_file
;
554 bool shared_secret_file_inline
;
555 bool allow_deprecated_insecure_static_crypto
;
557 const char *ciphername
;
558 bool enable_ncp_fallback
; /**< If defined fall back to
559 * ciphername if NCP fails */
560 const char *ncp_ciphers
;
561 const char *authname
;
563 struct provider_list providers
;
564 bool mute_replay_warnings
;
567 const char *packet_id_file
;
569 #ifdef ENABLE_PREDICTION_RESISTANCE
570 bool use_prediction_resistance
;
573 /* TLS (control channel) parms */
581 const char *cert_file
;
582 bool cert_file_inline
;
583 const char *extra_certs_file
;
584 bool extra_certs_file_inline
;
585 const char *priv_key_file
;
586 bool priv_key_file_inline
;
587 const char *pkcs12_file
;
588 bool pkcs12_file_inline
;
589 const char *cipher_list
;
590 const char *cipher_list_tls13
;
591 const char *tls_groups
;
592 const char *tls_cert_profile
;
593 const char *ecdh_curve
;
594 const char *tls_verify
;
595 int verify_x509_type
;
596 const char *verify_x509_name
;
597 const char *crl_file
;
598 bool crl_file_inline
;
600 int ns_cert_type
; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
601 unsigned remote_cert_ku
[MAX_PARMS
];
602 const char *remote_cert_eku
;
603 struct verify_hash_list
*verify_hash
;
604 hash_algo_type verify_hash_algo
;
605 int verify_hash_depth
;
606 bool verify_hash_no_ca
;
607 unsigned int ssl_flags
; /* set to SSLF_x flags from ssl.h */
610 const char *pkcs11_providers
[MAX_PARMS
];
611 unsigned pkcs11_private_mode
[MAX_PARMS
];
612 bool pkcs11_protected_authentication
[MAX_PARMS
];
613 bool pkcs11_cert_private
[MAX_PARMS
];
614 int pkcs11_pin_cache_period
;
615 const char *pkcs11_id
;
616 bool pkcs11_id_management
;
619 #ifdef ENABLE_CRYPTOAPI
620 const char *cryptoapi_cert
;
622 /* Per-packet timeout on control channel */
625 /* Data channel key renegotiation parameters */
626 int renegotiate_bytes
;
627 int renegotiate_packets
;
628 int renegotiate_seconds
;
629 int renegotiate_seconds_min
;
631 /* Data channel key handshake must finalize
632 * within n seconds of handshake initiation. */
633 int handshake_window
;
635 #ifdef ENABLE_X509ALTUSERNAME
636 /* Field list used to be the username in X509 cert. */
637 char *x509_username_field
[MAX_PARMS
];
640 /* Old key allowed to live n seconds after new key goes active */
641 int transition_window
;
643 /* Shared secret used for TLS control channel authentication */
644 const char *tls_auth_file
;
645 bool tls_auth_file_inline
;
647 /* Shared secret used for TLS control channel authenticated encryption */
648 const char *tls_crypt_file
;
649 bool tls_crypt_file_inline
;
651 /* Client-specific secret or server key used for TLS control channel
652 * authenticated encryption v2 */
653 const char *tls_crypt_v2_file
;
654 bool tls_crypt_v2_file_inline
;
656 const char *tls_crypt_v2_metadata
;
658 const char *tls_crypt_v2_verify_script
;
660 /* Allow only one session */
667 const struct x509_track
*x509_track
;
669 /* special state parms */
670 int foreign_option_index
;
674 const char *exit_event_name
;
675 bool exit_event_initial_state
;
678 bool block_outside_dns
;
679 enum windows_driver_type windows_driver
;
685 #ifdef HAVE_EXPORT_KEYING_MATERIAL
686 /* Keying Material Exporters [RFC 5705] */
687 const char *keying_material_exporter_label
;
688 int keying_material_exporter_length
;
692 enum vlan_acceptable_frames vlan_accept
;
695 struct pull_filter_list
*pull_filter_list
;
697 /* Useful when packets sent by openvpn itself are not subject
698 * to the routing tables that would move packets into the tunnel. */
699 bool allow_recursive_routing
;
701 /* data channel crypto flags set by push/pull. Reuses the CO_* crypto_flags */
702 unsigned int imported_protocol_flags
;
705 #define streq(x, y) (!strcmp((x), (y)))
710 #define OPT_P_GENERAL (1<<0)
711 #define OPT_P_UP (1<<1)
712 #define OPT_P_ROUTE (1<<2)
713 #define OPT_P_DHCPDNS (1<<3) /* includes ip windows options like */
714 #define OPT_P_SCRIPT (1<<4)
715 #define OPT_P_SETENV (1<<5)
716 #define OPT_P_SHAPER (1<<6)
717 #define OPT_P_TIMER (1<<7)
718 #define OPT_P_PERSIST (1<<8)
719 #define OPT_P_PERSIST_IP (1<<9)
720 #define OPT_P_COMP (1<<10) /* TODO */
721 #define OPT_P_MESSAGES (1<<11)
722 #define OPT_P_NCP (1<<12) /**< Negotiable crypto parameters */
723 #define OPT_P_TLS_PARMS (1<<13) /* TODO */
724 #define OPT_P_MTU (1<<14) /* TODO */
725 #define OPT_P_NICE (1<<15)
726 #define OPT_P_PUSH (1<<16)
727 #define OPT_P_INSTANCE (1<<17) /**< allowed in ccd, client-connect etc*/
728 #define OPT_P_CONFIG (1<<18)
729 #define OPT_P_EXPLICIT_NOTIFY (1<<19)
730 #define OPT_P_ECHO (1<<20)
731 #define OPT_P_INHERIT (1<<21)
732 #define OPT_P_ROUTE_EXTRAS (1<<22)
733 #define OPT_P_PULL_MODE (1<<23)
734 #define OPT_P_PLUGIN (1<<24)
735 #define OPT_P_SOCKBUF (1<<25)
736 #define OPT_P_SOCKFLAGS (1<<26)
737 #define OPT_P_CONNECTION (1<<27)
738 #define OPT_P_PEER_ID (1<<28)
739 #define OPT_P_INLINE (1<<29)
740 #define OPT_P_PUSH_MTU (1<<30)
742 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))
744 #define PULL_DEFINED(opt) ((opt)->pull)
745 #define PUSH_DEFINED(opt) ((opt)->push_list)
748 #define PULL_DEFINED(opt) (false)
752 #define PUSH_DEFINED(opt) (false)
756 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
758 #define ROUTE_OPTION_FLAGS(o) (0)
761 #define SHAPER_DEFINED(opt) ((opt)->shaper)
764 #define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
766 #define PLUGIN_OPTION_LIST(opt) (NULL)
769 #ifdef ENABLE_MANAGEMENT
770 #define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
772 #define MAN_CLIENT_AUTH_ENABLED(opt) (false)
775 void parse_argv(struct options
*options
,
779 const unsigned int permission_mask
,
780 unsigned int *option_types_found
,
783 void notnull(const char *arg
, const char *description
);
785 void usage_small(void);
787 void show_library_versions(const unsigned int flags
);
790 void show_windows_version(const unsigned int flags
);
794 void show_dco_version(const unsigned int flags
);
796 void init_options(struct options
*o
, const bool init_gc
);
798 void uninit_options(struct options
*o
);
800 void setenv_settings(struct env_set
*es
, const struct options
*o
);
802 void show_settings(const struct options
*o
);
804 bool string_defined_equal(const char *s1
, const char *s2
);
806 const char *options_string_version(const char *s
, struct gc_arena
*gc
);
808 char *options_string(const struct options
*o
,
809 const struct frame
*frame
,
811 openvpn_net_ctx_t
*ctx
,
813 struct gc_arena
*gc
);
815 bool options_cmp_equal_safe(char *actual
, const char *expected
, size_t actual_n
);
817 void options_warning_safe(char *actual
, const char *expected
, size_t actual_n
);
819 bool options_cmp_equal(char *actual
, const char *expected
);
821 void options_warning(char *actual
, const char *expected
);
824 * Given an OpenVPN options string, extract the value of an option.
826 * @param options_string Zero-terminated, comma-separated options string
827 * @param opt_name The name of the option to extract
828 * @param gc The gc to allocate the return value
830 * @return gc-allocated value of option with name opt_name if option was found,
833 char *options_string_extract_option(const char *options_string
,
834 const char *opt_name
, struct gc_arena
*gc
);
837 void options_postprocess(struct options
*options
, struct env_set
*es
);
839 bool options_postprocess_pull(struct options
*o
, struct env_set
*es
);
841 void pre_connect_restore(struct options
*o
, struct gc_arena
*gc
);
843 bool apply_push_options(struct options
*options
,
845 unsigned int permission_mask
,
846 unsigned int *option_types_found
,
849 void options_detach(struct options
*o
);
851 void options_server_import(struct options
*o
,
852 const char *filename
,
854 unsigned int permission_mask
,
855 unsigned int *option_types_found
,
858 void pre_pull_default(struct options
*o
);
860 void rol_check_alloc(struct options
*options
);
862 int parse_line(const char *line
,
868 struct gc_arena
*gc
);
871 * parse/print topology coding
874 int parse_topology(const char *str
, const int msglevel
);
876 const char *print_topology(const int topology
);
879 * Manage auth-retry variable
883 #define AR_INTERACT 1
884 #define AR_NOINTERACT 2
886 int auth_retry_get(void);
888 bool auth_retry_set(const int msglevel
, const char *option
);
890 const char *auth_retry_print(void);
892 void options_string_import(struct options
*options
,
895 const unsigned int permission_mask
,
896 unsigned int *option_types_found
,
899 bool key_is_external(const struct options
*options
);
902 * Returns whether the current configuration has dco enabled.
905 dco_enabled(const struct options
*o
)
908 return !o
->tuntap_options
.disable_dco
;
911 #endif /* ENABLE_DCO */
914 #endif /* ifndef OPTIONS_H */