}
/*
- * Initialize and possibly randomize remote list.
+ * Should be called after options->ce is modified at the top
+ * of a SIGUSR1 restart.
*/
static void
-init_remote_list (struct context *c)
+update_options_ce_post (struct options *options)
{
- c->c1.remote_list = NULL;
+#if P2MP
+ /*
+ * In pull mode, we usually import --ping/--ping-restart parameters from
+ * the server. However we should also set an initial default --ping-restart
+ * for the period of time before we pull the --ping-restart parameter
+ * from the server.
+ */
+ if (options->pull
+ && options->ping_rec_timeout_action == PING_UNDEF
+ && options->ce.proto == PROTO_UDPv4)
+ {
+ options->ping_rec_timeout = PRE_PULL_INITIAL_PING_RESTART;
+ options->ping_rec_timeout_action = PING_RESTART;
+ }
+#endif
+#ifdef USE_CRYPTO
+ /*
+ * Don't use replay window for TCP mode (i.e. require that packets be strictly in sequence).
+ */
+ if (link_socket_proto_connection_oriented (options->ce.proto))
+ options->replay_window = options->replay_time = 0;
+#endif
+}
- if (c->options.remote_list)
+/*
+ * Initialize and possibly randomize connection list.
+ */
+static void
+init_connection_list (struct context *c)
+{
+#ifdef ENABLE_CONNECTION
+ struct connection_list *l = c->options.connection_list;
+ if (l)
{
- struct remote_list *l;
- ALLOC_OBJ_GC (c->c1.remote_list, struct remote_list, &c->gc);
- l = c->c1.remote_list;
- *l = *c->options.remote_list;
l->current = -1;
if (c->options.remote_random)
- remote_list_randomize (l);
+ {
+ int i;
+ for (i = 0; i < l->len; ++i)
+ {
+ const int j = get_random () % l->len;
+ if (i != j)
+ {
+ struct connection_entry *tmp;
+ tmp = l->array[i];
+ l->array[i] = l->array[j];
+ l->array[j] = tmp;
+ }
+ }
+ }
}
+#endif
+}
+
+/*
+ * Increment to next connection entry
+ */
+static void
+next_connection_entry (struct context *c)
+{
+#ifdef ENABLE_CONNECTION
+ struct connection_list *l = c->options.connection_list;
+ if (l)
+ {
+ if (l->no_advance && l->current >= 0)
+ {
+ l->no_advance = false;
+ }
+ else
+ {
+ int i;
+ if (++l->current >= l->len)
+ l->current = 0;
+
+ dmsg (D_CONNECTION_LIST, "CONNECTION_LIST len=%d current=%d",
+ l->len, l->current);
+ for (i = 0; i < l->len; ++i)
+ {
+ dmsg (D_CONNECTION_LIST, "[%d] %s:%d",
+ i,
+ l->array[i]->remote,
+ l->array[i]->remote_port);
+ }
+ }
+ c->options.ce = *l->array[l->current];
+ }
+#endif
+ update_options_ce_post (&c->options);
}
/*
#endif
}
-void
-context_init_1 (struct context *c)
+/*
+ * Initialize/Uninitialize HTTP or SOCKS proxy
+ */
+
+#ifdef GENERAL_PROXY_SUPPORT
+
+static int
+proxy_scope (struct context *c)
+{
+ return connection_list_defined (&c->options) ? 2 : 1;
+}
+
+static void
+uninit_proxy_dowork (struct context *c)
+{
+#ifdef ENABLE_HTTP_PROXY
+ if (c->c1.http_proxy_owned && c->c1.http_proxy)
+ {
+ http_proxy_close (c->c1.http_proxy);
+ c->c1.http_proxy = NULL;
+ c->c1.http_proxy_owned = false;
+ }
+#endif
+#ifdef ENABLE_SOCKS
+ if (c->c1.socks_proxy_owned && c->c1.socks_proxy)
+ {
+ socks_proxy_close (c->c1.socks_proxy);
+ c->c1.socks_proxy = NULL;
+ c->c1.socks_proxy_owned = false;
+ }
+#endif
+}
+
+static void
+init_proxy_dowork (struct context *c)
{
#ifdef ENABLE_HTTP_PROXY
bool did_http = false;
const bool did_http = false;
#endif
+ uninit_proxy_dowork (c);
+
+#ifdef ENABLE_HTTP_PROXY
+ if (c->options.ce.http_proxy_options || c->options.auto_proxy_info)
+ {
+ /* Possible HTTP proxy user/pass input */
+ c->c1.http_proxy = http_proxy_new (c->options.ce.http_proxy_options,
+ c->options.auto_proxy_info);
+ if (c->c1.http_proxy)
+ {
+ did_http = true;
+ c->c1.http_proxy_owned = true;
+ }
+ }
+#endif
+
+#ifdef ENABLE_SOCKS
+ if (!did_http && (c->options.ce.socks_proxy_server || c->options.auto_proxy_info))
+ {
+ c->c1.socks_proxy = socks_proxy_new (c->options.ce.socks_proxy_server,
+ c->options.ce.socks_proxy_port,
+ c->options.ce.socks_proxy_retry,
+ c->options.auto_proxy_info);
+ if (c->c1.socks_proxy)
+ {
+ c->c1.socks_proxy_owned = true;
+ }
+ }
+#endif
+}
+
+static void
+init_proxy (struct context *c, const int scope)
+{
+ if (scope == proxy_scope (c))
+ init_proxy_dowork (c);
+}
+
+static void
+uninit_proxy (struct context *c)
+{
+ if (c->sig->signal_received != SIGUSR1 || proxy_scope (c) == 2)
+ uninit_proxy_dowork (c);
+}
+
+#else
+
+static inline void
+init_proxy (struct context *c, const int scope)
+{
+}
+
+static inline void
+uninit_proxy (struct context *c, const int scope)
+{
+}
+
+#endif
+
+void
+context_init_1 (struct context *c)
+{
context_clear_1 (c);
packet_id_persist_init (&c->c1.pid_persist);
- init_remote_list (c);
+
+ init_connection_list (c);
init_query_passwords (c);
}
#endif
-#ifdef ENABLE_HTTP_PROXY
- if (c->options.http_proxy_options || c->options.auto_proxy_info)
- {
- /* Possible HTTP proxy user/pass input */
- c->c1.http_proxy = new_http_proxy (c->options.http_proxy_options,
- c->options.auto_proxy_info,
- &c->gc);
- if (c->c1.http_proxy)
- did_http = true;
- }
-#endif
-
-#ifdef ENABLE_SOCKS
- if (!did_http && (c->options.socks_proxy_server || c->options.auto_proxy_info))
- {
- c->c1.socks_proxy = new_socks_proxy (c->options.socks_proxy_server,
- c->options.socks_proxy_port,
- c->options.socks_proxy_retry,
- c->options.auto_proxy_info,
- &c->gc);
- }
-#endif
+ /* initialize HTTP or SOCKS proxy object at scope level 1 */
+ init_proxy (c, 1);
}
void
{
/* sanity check on options for --mktun or --rmtun */
notnull (options->dev, "TUN/TAP device (--dev)");
- if (options->remote_list || options->ifconfig_local
+ if (options->ce.remote || options->ifconfig_local
|| options->ifconfig_remote_netmask
#ifdef USE_CRYPTO
|| options->shared_secret_file
else
msg (M_INFO, "%s", message);
- /* Flag remote_list that we initialized */
- if ((flags & (ISC_ERRORS|ISC_SERVER)) == 0 && c->c1.remote_list && c->c1.remote_list->len > 1)
- c->c1.remote_list->no_advance = true;
+ /* Flag connection_list that we initialized */
+ if ((flags & (ISC_ERRORS|ISC_SERVER)) == 0 && connection_list_defined (&c->options))
+ connection_list_set_no_advance (&c->options);
#ifdef ENABLE_MANAGEMENT
/* Tell management interface that we initialized */
#ifdef ENABLE_OCC
if (found & OPT_P_EXPLICIT_NOTIFY)
{
- if (c->options.proto != PROTO_UDPv4 && c->options.explicit_exit_notification)
+ if (c->options.ce.proto != PROTO_UDPv4 && c->options.explicit_exit_notification)
{
msg (D_PUSH, "OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp");
c->options.explicit_exit_notification = 0;
int sec = 2;
#ifdef ENABLE_HTTP_PROXY
- if (c->options.http_proxy_options)
+ if (c->options.ce.http_proxy_options)
proxy = true;
#endif
#ifdef ENABLE_SOCKS
- if (c->options.socks_proxy_server)
+ if (c->options.ce.socks_proxy_server)
proxy = true;
#endif
- switch (c->options.proto)
+ switch (c->options.ce.proto)
{
case PROTO_UDPv4:
if (proxy)
- sec = c->options.connect_retry_seconds;
+ sec = c->options.ce.connect_retry_seconds;
break;
case PROTO_TCPv4_SERVER:
sec = 1;
break;
case PROTO_TCPv4_CLIENT:
- sec = c->options.connect_retry_seconds;
+ sec = c->options.ce.connect_retry_seconds;
break;
}
/* should we not xmit any packets until we get an initial
response from client? */
- if (to.server && options->proto == PROTO_TCPv4_SERVER)
+ if (to.server && options->ce.proto == PROTO_TCPv4_SERVER)
to.xmit_hold = true;
#ifdef ENABLE_OCC
/* If we are running over TCP, allow for
length prefix */
- socket_adjust_frame_parameters (&to.frame, options->proto);
+ socket_adjust_frame_parameters (&to.frame, options->ce.proto);
/*
* Initialize OpenVPN's master TLS-mode object.
/*
* Adjust frame size for UDP Socks support.
*/
- if (c->options.socks_proxy_server)
- socks_adjust_frame_parameters (&c->c2.frame, c->options.proto);
+ if (c->options.ce.socks_proxy_server)
+ socks_adjust_frame_parameters (&c->c2.frame, c->options.ce.proto);
#endif
/*
* (Since TCP is a stream protocol, we need to insert
* a packet length uint16_t in the buffer.)
*/
- socket_adjust_frame_parameters (&c->c2.frame, c->options.proto);
+ socket_adjust_frame_parameters (&c->c2.frame, c->options.ce.proto);
/*
* Fill in the blanks in the frame parameters structure,
const struct options *o = &c->options;
#if 1 /* JYFIXME -- port warning */
- if (!o->port_option_used && (o->local_port == OPENVPN_PORT && o->remote_port == OPENVPN_PORT))
+ if (!o->ce.port_option_used && (o->ce.local_port == OPENVPN_PORT && o->ce.remote_port == OPENVPN_PORT))
msg (M_WARN, "IMPORTANT: OpenVPN's default port number is now %d, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.",
OPENVPN_PORT);
#endif
#endif
#ifndef CONNECT_NONBLOCK
- if (o->connect_timeout_defined)
+ if (o->ce.connect_timeout_defined)
msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS");
#endif
}
#endif
link_socket_init_phase1 (c->c2.link_socket,
- c->options.local,
- c->c1.remote_list,
- c->options.local_port,
- c->options.proto,
+ connection_list_defined (&c->options),
+ c->options.ce.local,
+ c->options.ce.local_port,
+ c->options.ce.remote,
+ c->options.ce.remote_port,
+ c->options.ce.proto,
mode,
c->c2.accept_from,
#ifdef ENABLE_HTTP_PROXY
#ifdef ENABLE_DEBUG
c->options.gremlin,
#endif
- c->options.bind_local,
- c->options.remote_float,
+ c->options.ce.bind_local,
+ c->options.ce.remote_float,
c->options.inetd,
&c->c1.link_socket_addr,
c->options.ipchange,
c->plugins,
c->options.resolve_retry_seconds,
- c->options.connect_retry_seconds,
- c->options.connect_timeout,
- c->options.connect_retry_max,
+ c->options.ce.connect_retry_seconds,
+ c->options.ce.connect_timeout,
+ c->options.ce.connect_retry_max,
c->options.mtu_discover_type,
c->options.rcvbuf,
c->options.sndbuf,
#ifdef WIN32
msg (M_INFO, "NOTE: --fast-io is disabled since we are running on Windows");
#else
- if (c->options.proto != PROTO_UDPv4)
+ if (c->options.ce.proto != PROTO_UDPv4)
msg (M_INFO, "NOTE: --fast-io is disabled since we are not using UDP");
else
{
c->sig->signal_text = NULL;
c->sig->hard = false;
+ /* map in current connection entry */
+ next_connection_entry (c);
+
/* link_socket_mode allows CM_CHILD_TCP
instances to inherit acceptable fds
from a top-level parent */
- if (c->options.proto == PROTO_TCPv4_SERVER)
+ if (c->options.ce.proto == PROTO_TCPv4_SERVER)
{
if (c->mode == CM_TOP)
link_socket_mode = LS_MODE_TCP_LISTEN;
else if (c->mode == CM_CHILD_TCP)
do_event_set_init (c, false);
+ /* initialize HTTP or SOCKS proxy object at scope level 2 */
+ init_proxy (c, 2);
+
/* allocate our socket object */
if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
do_link_socket_new (c);
/* free up environmental variable store */
do_env_set_destroy (c);
+ /* close HTTP or SOCKS proxy */
+ uninit_proxy (c);
+
/* garbage collect */
gc_free (&c->c2.gc);
}
{
CLEAR (*dest);
- switch (src->options.proto)
+ switch (src->options.ce.proto)
{
case PROTO_UDPv4:
dest->mode = CM_CHILD_UDP;
dest->c2.es_owned = false;
dest->c2.event_set = NULL;
- if (src->options.proto == PROTO_UDPv4)
+ if (src->options.ce.proto == PROTO_UDPv4)
do_event_set_init (dest, false);
}
* will be set to 0.
*/
void
-init_options (struct options *o)
+init_options (struct options *o, const bool init_gc)
{
CLEAR (*o);
- gc_init (&o->gc);
+ if (init_gc)
+ {
+ gc_init (&o->gc);
+ o->gc_owned = true;
+ }
o->mode = MODE_POINT_TO_POINT;
o->topology = TOP_NET30;
- o->proto = PROTO_UDPv4;
- o->connect_retry_seconds = 5;
- o->connect_timeout = 10;
- o->connect_retry_max = 0;
- o->local_port = o->remote_port = OPENVPN_PORT;
+ o->ce.proto = PROTO_UDPv4;
+ o->ce.connect_retry_seconds = 5;
+ o->ce.connect_timeout = 10;
+ o->ce.connect_retry_max = 0;
+ o->ce.local_port = o->ce.remote_port = OPENVPN_PORT;
o->verbosity = 1;
o->status_file_update_freq = 60;
o->status_file_version = 1;
- o->bind_local = true;
+ o->ce.bind_local = true;
o->tun_mtu = TUN_MTU_DEFAULT;
o->link_mtu = LINK_MTU_DEFAULT;
o->mtu_discover_type = -1;
void
uninit_options (struct options *o)
{
- gc_free (&o->gc);
+ if (o->gc_owned)
+ gc_free (&o->gc);
}
#ifdef ENABLE_DEBUG
#endif
+void
+setenv_connection_entry (struct env_set *es,
+ const struct connection_entry *e,
+ const int i)
+{
+ setenv_str_i (es, "proto", proto2ascii (e->proto, false), i);
+ setenv_str_i (es, "local", e->local, i);
+ setenv_int_i (es, "local_port", e->local_port, i);
+ setenv_str_i (es, "remote", e->local, i);
+ setenv_int_i (es, "remote_port", e->local_port, i);
+
+#ifdef ENABLE_HTTP_PROXY
+ if (e->http_proxy_options)
+ {
+ setenv_str_i (es, "http_proxy_server", e->http_proxy_options->server, i);
+ setenv_int_i (es, "http_proxy_port", e->http_proxy_options->port, i);
+ }
+#endif
+#ifdef ENABLE_SOCKS
+ if (e->socks_proxy_server)
+ {
+ setenv_str_i (es, "socks_proxy_server", e->socks_proxy_server, i);
+ setenv_int_i (es, "socks_proxy_port", e->socks_proxy_port, i);
+ }
+#endif
+}
+
void
setenv_settings (struct env_set *es, const struct options *o)
{
setenv_str (es, "config", o->config);
- setenv_str (es, "proto", proto2ascii (o->proto, false));
- setenv_str (es, "local", o->local);
- setenv_int (es, "local_port", o->local_port);
setenv_int (es, "verb", o->verbosity);
setenv_int (es, "daemon", o->daemon);
setenv_int (es, "daemon_log_redirect", o->log);
- if (o->remote_list)
+#ifdef ENABLE_CONNECTION
+ if (o->connection_list)
{
int i;
-
- for (i = 0; i < o->remote_list->len; ++i)
- {
- char remote_string[64];
- char remote_port_string[64];
-
- openvpn_snprintf (remote_string, sizeof (remote_string), "remote_%d", i+1);
- openvpn_snprintf (remote_port_string, sizeof (remote_port_string), "remote_port_%d", i+1);
-
- setenv_str (es, remote_string, o->remote_list->array[i].hostname);
- setenv_int (es, remote_port_string, o->remote_list->array[i].port);
- }
+ for (i = 0; i < o->connection_list->len; ++i)
+ setenv_connection_entry (es, o->connection_list->array[i], i+1);
}
-#ifdef ENABLE_HTTP_PROXY
- if (o->http_proxy_options)
- {
- setenv_str (es, "http_proxy_server", o->http_proxy_options->server);
- setenv_int (es, "http_proxy_port", o->http_proxy_options->port);
- }
-#endif
-#ifdef ENABLE_SOCKS
- if(o->socks_proxy_server)
- {
- setenv_str (es, "socks_proxy_server", o->socks_proxy_server);
- setenv_int (es, "socks_proxy_port", o->socks_proxy_port);
- }
+ else
#endif
+ setenv_connection_entry (es, &o->ce, 1);
}
static in_addr_t
bool
is_stateful_restart (const struct options *o)
{
- return is_persist_option (o) || (o->remote_list && o->remote_list->len > 1);
+ return is_persist_option (o) || connection_list_defined (o);
}
#ifdef WIN32
#endif /* P2MP_SERVER */
#endif /* P2MP */
-#ifdef ENABLE_DEBUG
-static void
-show_remote_list (const struct remote_list *l)
-{
- if (l)
- {
- int i;
- for (i = 0; i < l->len; ++i)
- {
- msg (D_SHOW_PARMS, " remote_list[%d] = {'%s', %d}",
- i, l->array[i].hostname, l->array[i].port);
- }
- }
- else
- {
- msg (D_SHOW_PARMS, " remote_list = NULL");
- }
-}
-#endif
-
#if defined(ENABLE_HTTP_PROXY) && defined(ENABLE_DEBUG)
static void
show_http_proxy_options (const struct http_proxy_options *o)
options->routes = new_route_option_list (&options->gc);
}
+#ifdef ENABLE_DEBUG
+static void
+show_connection_entry (const struct connection_entry *o)
+{
+ msg (D_SHOW_PARMS, " proto = %s", proto2ascii (o->proto, false));
+ SHOW_STR (local);
+ SHOW_INT (local_port);
+ SHOW_STR (remote);
+ SHOW_INT (remote_port);
+ SHOW_BOOL (remote_float);
+ SHOW_BOOL (bind_defined);
+ SHOW_BOOL (bind_local);
+ SHOW_INT (connect_retry_seconds);
+ SHOW_INT (connect_timeout);
+ SHOW_INT (connect_retry_max);
+
+#ifdef ENABLE_HTTP_PROXY
+ if (o->http_proxy_options)
+ show_http_proxy_options (o->http_proxy_options);
+#endif
+#ifdef ENABLE_SOCKS
+ SHOW_STR (socks_proxy_server);
+ SHOW_INT (socks_proxy_port);
+ SHOW_BOOL (socks_proxy_retry);
+#endif
+}
+
+static void
+show_connection_entries (const struct options *o)
+{
+ msg (D_SHOW_PARMS, "Connection profiles [default]:");
+ show_connection_entry (&o->ce);
+#ifdef ENABLE_CONNECTION
+ if (o->connection_list)
+ {
+ const struct connection_list *l = o->connection_list;
+ int i;
+ for (i = 0; i < l->len; ++i)
+ {
+ msg (D_SHOW_PARMS, "Connection profiles [%d]:", i);
+ show_connection_entry (l->array[i]);
+ }
+ }
+#endif
+ msg (D_SHOW_PARMS, "Connection profiles END");
+}
+
+#endif
+
void
show_settings (const struct options *o)
{
#endif
#endif
- SHOW_INT (proto);
- SHOW_STR (local);
- show_remote_list (o->remote_list);
+ show_connection_entries (o);
+
SHOW_BOOL (remote_random);
- SHOW_INT (local_port);
- SHOW_INT (remote_port);
- SHOW_BOOL (remote_float);
SHOW_STR (ipchange);
- SHOW_BOOL (bind_defined);
- SHOW_BOOL (bind_local);
SHOW_STR (dev);
SHOW_STR (dev_type);
SHOW_STR (dev_node);
#endif
SHOW_INT (resolve_retry_seconds);
- SHOW_INT (connect_retry_seconds);
- SHOW_INT (connect_timeout);
- SHOW_INT (connect_retry_max);
SHOW_STR (username);
SHOW_STR (groupname);
SHOW_INT (sndbuf);
SHOW_INT (sockflags);
-#ifdef ENABLE_HTTP_PROXY
- if (o->http_proxy_options)
- show_http_proxy_options (o->http_proxy_options);
-#endif
-
-#ifdef ENABLE_SOCKS
- SHOW_STR (socks_proxy_server);
- SHOW_INT (socks_proxy_port);
- SHOW_BOOL (socks_proxy_retry);
-#endif
-
SHOW_BOOL (fast_io);
#ifdef USE_LZO
struct http_proxy_options *
init_http_options_if_undefined (struct options *o)
{
- if (!o->http_proxy_options)
+ if (!o->ce.http_proxy_options)
{
- ALLOC_OBJ_CLEAR_GC (o->http_proxy_options, struct http_proxy_options, &o->gc);
+ ALLOC_OBJ_CLEAR_GC (o->ce.http_proxy_options, struct http_proxy_options, &o->gc);
/* http proxy defaults */
- o->http_proxy_options->timeout = 5;
- o->http_proxy_options->http_version = "1.0";
+ o->ce.http_proxy_options->timeout = 5;
+ o->ce.http_proxy_options->http_version = "1.0";
}
- return o->http_proxy_options;
+ return o->ce.http_proxy_options;
+}
+
+#endif
+
+#if ENABLE_CONNECTION
+
+static struct connection_list *
+alloc_connection_list_if_undef (struct options *options)
+{
+ if (!options->connection_list)
+ ALLOC_OBJ_CLEAR_GC (options->connection_list, struct connection_list, &options->gc);
+ return options->connection_list;
+}
+
+static struct connection_entry *
+alloc_connection_entry (struct options *options, const int msglevel)
+{
+ struct connection_list *l = alloc_connection_list_if_undef (options);
+ struct connection_entry *e;
+
+ if (l->len >= CONNECTION_LIST_SIZE)
+ {
+ msg (msglevel, "Maximum number of 'connection' options (%d) exceeded", CONNECTION_LIST_SIZE);
+ return NULL;
+ }
+ ALLOC_OBJ_GC (e, struct connection_entry, &options->gc);
+ l->array[l->len++] = e;
+ return e;
+}
+
+static struct remote_list *
+alloc_remote_list_if_undef (struct options *options)
+{
+ if (!options->remote_list)
+ ALLOC_OBJ_CLEAR_GC (options->remote_list, struct remote_list, &options->gc);
+ return options->remote_list;
+}
+
+static struct remote_entry *
+alloc_remote_entry (struct options *options, const int msglevel)
+{
+ struct remote_list *l = alloc_remote_list_if_undef (options);
+ struct remote_entry *e;
+
+ if (l->len >= CONNECTION_LIST_SIZE)
+ {
+ msg (msglevel, "Maximum number of 'remote' options (%d) exceeded", CONNECTION_LIST_SIZE);
+ return NULL;
+ }
+ ALLOC_OBJ_GC (e, struct remote_entry, &options->gc);
+ l->array[l->len++] = e;
+ return e;
}
#endif
-/*
- * Sanity check on options.
- * Also set some options based on other
- * options.
- */
void
-options_postprocess (struct options *options, bool first_time)
+connection_entry_load_re (struct connection_entry *ce, const struct remote_entry *re)
+{
+ if (re->remote)
+ ce->remote = re->remote;
+ if (re->remote_port >= 0)
+ ce->remote_port = re->remote_port;
+ if (re->proto >= 0)
+ ce->proto = re->proto;
+}
+
+static void
+options_postprocess_verify_ce (const struct options *options, const struct connection_entry *ce)
{
struct options defaults;
int dev = DEV_TYPE_UNDEF;
- int i;
bool pull = false;
- init_options (&defaults);
+ init_options (&defaults, true);
#ifdef USE_CRYPTO
if (options->test_crypto)
dev = dev_type_enum (options->dev, options->dev_type);
/*
- * Fill in default port number for --remote list
- */
- if (options->remote_list)
- {
- for (i = 0; i < options->remote_list->len; ++i)
- {
- struct remote_entry *e = &options->remote_list->array[i];
- if (e->port < 0)
- e->port = options->remote_port;
- }
- }
-
- /*
- * If --mssfix is supplied without a parameter, default
- * it to --fragment value, if --fragment is specified.
+ * If "proto tcp" is specified, make sure we know whether it is
+ * tcp-client or tcp-server.
*/
- if (options->mssfix_default)
- {
-#ifdef ENABLE_FRAGMENT
- if (options->fragment)
- options->mssfix = options->fragment;
-#else
- msg (M_USAGE, "--mssfix must specify a parameter");
-#endif
- }
+ if (ce->proto == PROTO_TCPv4)
+ msg (M_USAGE, "--proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client");
/*
* Sanity check on daemon/inetd modes
if (options->daemon && options->inetd)
msg (M_USAGE, "only one of --daemon or --inetd may be specified");
- if (options->inetd && (options->local || options->remote_list))
+ if (options->inetd && (ce->local || ce->remote))
msg (M_USAGE, "--local or --remote cannot be used with --inetd");
- if (options->inetd && options->proto == PROTO_TCPv4_CLIENT)
+ if (options->inetd && ce->proto == PROTO_TCPv4_CLIENT)
msg (M_USAGE, "--proto tcp-client cannot be used with --inetd");
- if (options->inetd == INETD_NOWAIT && options->proto != PROTO_TCPv4_SERVER)
+ if (options->inetd == INETD_NOWAIT && ce->proto != PROTO_TCPv4_SERVER)
msg (M_USAGE, "--inetd nowait can only be used with --proto tcp-server");
if (options->inetd == INETD_NOWAIT
if (options->lladdr && dev != DEV_TYPE_TAP)
msg (M_USAGE, "--lladdr can only be used in --dev tap mode");
- /*
- * In forking TCP server mode, you don't need to ifconfig
- * the tap device (the assumption is that it will be bridged).
- */
- if (options->inetd == INETD_NOWAIT)
- options->ifconfig_noexec = true;
-
/*
* Sanity check on TCP mode options
*/
- if (options->connect_retry_defined && options->proto != PROTO_TCPv4_CLIENT)
+ if (ce->connect_retry_defined && ce->proto != PROTO_TCPv4_CLIENT)
msg (M_USAGE, "--connect-retry doesn't make sense unless also used with --proto tcp-client");
- if (options->connect_timeout_defined && options->proto != PROTO_TCPv4_CLIENT)
+ if (ce->connect_timeout_defined && ce->proto != PROTO_TCPv4_CLIENT)
msg (M_USAGE, "--connect-timeout doesn't make sense unless also used with --proto tcp-client");
/*
msg (M_USAGE, "only one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT);
#ifdef ENABLE_OCC
- if (options->proto != PROTO_UDPv4 && options->mtu_test)
+ if (ce->proto != PROTO_UDPv4 && options->mtu_test)
msg (M_USAGE, "--mtu-test only makes sense with --proto udp");
#endif
- /*
- * Set MTU defaults
- */
- {
- if (!options->tun_mtu_defined && !options->link_mtu_defined)
- {
- options->tun_mtu_defined = true;
- }
- if ((dev == DEV_TYPE_TAP) && !options->tun_mtu_extra_defined)
- {
- options->tun_mtu_extra_defined = true;
- options->tun_mtu_extra = TAP_MTU_EXTRA_DEFAULT;
- }
- }
-
- /*
- * Process helper-type options which map to other, more complex
- * sequences of options.
- */
- helper_client_server (options);
- helper_keepalive (options);
-
/* will we be pulling options from server? */
#if P2MP
pull = options->pull;
* Sanity check on --local, --remote, and --ifconfig
*/
- if (options->remote_list)
- {
- int i;
- struct remote_list *l = options->remote_list;
-
- for (i = 0; i < l->len; ++i)
- {
- const char *remote = l->array[i].hostname;
- const int remote_port = l->array[i].port;
-
- if (string_defined_equal (options->local, remote)
- && options->local_port == remote_port)
- msg (M_USAGE, "--remote and --local addresses are the same");
-
- if (string_defined_equal (remote, options->ifconfig_local)
- || string_defined_equal (remote, options->ifconfig_remote_netmask))
- msg (M_USAGE, "--local and --remote addresses must be distinct from --ifconfig addresses");
- }
- }
+ if (string_defined_equal (ce->local, ce->remote)
+ && ce->local_port == ce->remote_port)
+ msg (M_USAGE, "--remote and --local addresses are the same");
+
+ if (string_defined_equal (ce->remote, options->ifconfig_local)
+ || string_defined_equal (ce->remote, options->ifconfig_remote_netmask))
+ msg (M_USAGE, "--local and --remote addresses must be distinct from --ifconfig addresses");
- if (string_defined_equal (options->local, options->ifconfig_local)
- || string_defined_equal (options->local, options->ifconfig_remote_netmask))
+ if (string_defined_equal (ce->local, options->ifconfig_local)
+ || string_defined_equal (ce->local, options->ifconfig_remote_netmask))
msg (M_USAGE, "--local addresses must be distinct from --ifconfig addresses");
if (string_defined_equal (options->ifconfig_local, options->ifconfig_remote_netmask))
msg (M_USAGE, "local and remote/netmask --ifconfig addresses must be different");
- if (options->bind_defined && !options->bind_local)
+ if (ce->bind_defined && !ce->bind_local)
msg (M_USAGE, "--bind and --nobind can't be used together");
- if (options->local && !options->bind_local)
+ if (ce->local && !ce->bind_local)
msg (M_USAGE, "--local and --nobind don't make sense when used together");
- if (options->local_port_defined && !options->bind_local)
+ if (ce->local_port_defined && !ce->bind_local)
msg (M_USAGE, "--lport and --nobind don't make sense when used together");
- if (!options->remote_list && !options->bind_local)
+ if (!ce->remote && !ce->bind_local)
msg (M_USAGE, "--nobind doesn't make sense unless used with --remote");
- if (options->proto == PROTO_TCPv4_CLIENT && !options->local && !options->local_port_defined && !options->bind_defined)
- options->bind_local = false;
-
-#ifdef ENABLE_SOCKS
- if (options->proto == PROTO_UDPv4 && options->socks_proxy_server && !options->local && !options->local_port_defined && !options->bind_defined)
- options->bind_local = false;
-#endif
-
- if (!options->bind_local)
- options->local_port = 0;
-
/*
* Check for consistency of management options
*/
&& options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ
&& options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE)
msg (M_USAGE, "--dhcp-options requires --ip-win32 dynamic or adaptive");
-
- if ((dev == DEV_TYPE_TUN || dev == DEV_TYPE_TAP) && !options->route_delay_defined)
- {
- options->route_delay_defined = true;
- options->route_delay = 5; /* Vista sometimes has a race without this */
- }
-
- if (options->ifconfig_noexec)
- {
- options->tuntap_options.ip_win32_type = IPW32_SET_MANUAL;
- options->ifconfig_noexec = false;
- }
#endif
/*
*/
#ifdef ENABLE_FRAGMENT
- if (options->proto != PROTO_UDPv4 && options->fragment)
+ if (ce->proto != PROTO_UDPv4 && options->fragment)
msg (M_USAGE, "--fragment can only be used with --proto udp");
#endif
#ifdef ENABLE_OCC
- if (options->proto != PROTO_UDPv4 && options->explicit_exit_notification)
+ if (ce->proto != PROTO_UDPv4 && options->explicit_exit_notification)
msg (M_USAGE, "--explicit-exit-notify can only be used with --proto udp");
#endif
- if (!options->remote_list && options->proto == PROTO_TCPv4_CLIENT)
+ if (!ce->remote && ce->proto == PROTO_TCPv4_CLIENT)
msg (M_USAGE, "--remote MUST be used in TCP Client mode");
#ifdef ENABLE_HTTP_PROXY
- if ((options->http_proxy_options || options->auto_proxy_info) && options->proto != PROTO_TCPv4_CLIENT)
+ if ((ce->http_proxy_options || options->auto_proxy_info) && ce->proto != PROTO_TCPv4_CLIENT)
msg (M_USAGE, "--http-proxy or --auto-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)");
#endif
#if defined(ENABLE_HTTP_PROXY) && defined(ENABLE_SOCKS)
- if (options->http_proxy_options && options->socks_proxy_server)
+ if (ce->http_proxy_options && ce->socks_proxy_server)
msg (M_USAGE, "--http-proxy can not be used together with --socks-proxy");
#endif
#ifdef ENABLE_SOCKS
- if (options->socks_proxy_server && options->proto == PROTO_TCPv4_SERVER)
+ if (ce->socks_proxy_server && ce->proto == PROTO_TCPv4_SERVER)
msg (M_USAGE, "--socks-proxy can not be used in TCP Server mode");
#endif
- if (options->proto == PROTO_TCPv4_SERVER && remote_list_len (options->remote_list) > 1)
+ if (ce->proto == PROTO_TCPv4_SERVER && connection_list_defined (options))
msg (M_USAGE, "TCP server mode allows at most one --remote address");
#if P2MP_SERVER
*/
if (options->mode == MODE_SERVER)
{
-#ifdef WIN32
- /*
- * We need to explicitly set --tap-sleep because
- * we do not schedule event timers in the top-level context.
- */
- options->tuntap_options.tap_sleep = 10;
- if (options->route_delay_defined && options->route_delay)
- options->tuntap_options.tap_sleep = options->route_delay;
- options->route_delay_defined = false;
-#endif
-
if (!(dev == DEV_TYPE_TUN || dev == DEV_TYPE_TAP))
msg (M_USAGE, "--mode server only works with --dev tun or --dev tap");
if (options->pull)
msg (M_USAGE, "--pull cannot be used with --mode server");
- if (!(options->proto == PROTO_UDPv4 || options->proto == PROTO_TCPv4_SERVER))
+ if (!(ce->proto == PROTO_UDPv4 || ce->proto == PROTO_TCPv4_SERVER))
msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server");
#if PORT_SHARE
- if ((options->port_share_host || options->port_share_port) && options->proto != PROTO_TCPv4_SERVER)
+ if ((options->port_share_host || options->port_share_port) && ce->proto != PROTO_TCPv4_SERVER)
msg (M_USAGE, "--port-share only works in TCP server mode (--proto tcp-server)");
#endif
if (!options->tls_server)
msg (M_USAGE, "--mode server requires --tls-server");
- if (options->remote_list)
+ if (ce->remote)
msg (M_USAGE, "--remote cannot be used with --mode server");
- if (!options->bind_local)
+ if (!ce->bind_local)
msg (M_USAGE, "--nobind cannot be used with --mode server");
#ifdef ENABLE_HTTP_PROXY
- if (options->http_proxy_options)
+ if (ce->http_proxy_options)
msg (M_USAGE, "--http-proxy cannot be used with --mode server");
#endif
#ifdef ENABLE_SOCKS
- if (options->socks_proxy_server)
+ if (ce->socks_proxy_server)
msg (M_USAGE, "--socks-proxy cannot be used with --mode server");
+#endif
+#ifdef ENABLE_CONNECTION
+ if (options->connection_list)
+ msg (M_USAGE, "<connection> cannot be used with --mode server");
#endif
if (options->tun_ipv6)
msg (M_USAGE, "--tun-ipv6 cannot be used with --mode server");
msg (M_USAGE, "--inetd cannot be used with --mode server");
if (options->ipchange)
msg (M_USAGE, "--ipchange cannot be used with --mode server (use --client-connect instead)");
- if (!(options->proto == PROTO_UDPv4 || options->proto == PROTO_TCPv4_SERVER))
+ if (!(ce->proto == PROTO_UDPv4 || ce->proto == PROTO_TCPv4_SERVER))
msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server");
- if (options->proto != PROTO_UDPv4 && (options->cf_max || options->cf_per))
+ if (ce->proto != PROTO_UDPv4 && (options->cf_max || options->cf_per))
msg (M_USAGE, "--connect-freq only works with --mode server --proto udp. Try --max-clients instead.");
if (!(dev == DEV_TYPE_TAP || (dev == DEV_TYPE_TUN && options->topology == TOP_SUBNET)) && options->ifconfig_pool_netmask)
msg (M_USAGE, "The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode");
/*
* Check consistency of replay options
*/
- if ((options->proto != PROTO_UDPv4)
+ if ((ce->proto != PROTO_UDPv4)
&& (options->replay_window != defaults.replay_window
|| options->replay_time != defaults.replay_time))
msg (M_USAGE, "--replay-window only makes sense with --proto udp");
|| options->replay_time != defaults.replay_time))
msg (M_USAGE, "--replay-window doesn't make sense when replay protection is disabled with --no-replay");
- /*
- * Don't use replay window for TCP mode (i.e. require that packets
- * be strictly in sequence).
- */
- if (link_socket_proto_connection_oriented (options->proto))
- options->replay_window = options->replay_time = 0;
-
/*
* SSL/TLS mode sanity checks.
*/
#endif /* USE_SSL */
#if P2MP
+ if (options->auth_user_pass_file && !options->pull)
+ msg (M_USAGE, "--auth-user-pass requires --pull");
+#endif
+
+ uninit_options (&defaults);
+}
+
+static void
+options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)
+{
+#if P2MP_SERVER
+ if (o->server_defined || o->server_bridge_defined)
+ {
+ if (ce->proto == PROTO_TCPv4)
+ ce->proto = PROTO_TCPv4_SERVER;
+ }
+#endif
+#if P2MP
+ if (o->client)
+ {
+ if (ce->proto == PROTO_TCPv4)
+ ce->proto = PROTO_TCPv4_CLIENT;
+ }
+#endif
+
+ if (ce->proto == PROTO_TCPv4_CLIENT && !ce->local && !ce->local_port_defined && !ce->bind_defined)
+ ce->bind_local = false;
+
+#ifdef ENABLE_SOCKS
+ if (ce->proto == PROTO_UDPv4 && ce->socks_proxy_server && !ce->local && !ce->local_port_defined && !ce->bind_defined)
+ ce->bind_local = false;
+#endif
+
+ if (!ce->bind_local)
+ ce->local_port = 0;
+}
+
+static void
+options_postprocess_mutate_invariant (struct options *options)
+{
+ const int dev = dev_type_enum (options->dev, options->dev_type);
+
/*
- * In pull mode, we usually import --ping/--ping-restart parameters from
- * the server. However we should also set an initial default --ping-restart
- * for the period of time before we pull the --ping-restart parameter
- * from the server.
+ * If --mssfix is supplied without a parameter, default
+ * it to --fragment value, if --fragment is specified.
*/
- if (options->pull
- && options->ping_rec_timeout_action == PING_UNDEF
- && options->proto == PROTO_UDPv4)
+ if (options->mssfix_default)
{
- options->ping_rec_timeout = PRE_PULL_INITIAL_PING_RESTART;
- options->ping_rec_timeout_action = PING_RESTART;
+#ifdef ENABLE_FRAGMENT
+ if (options->fragment)
+ options->mssfix = options->fragment;
+#else
+ msg (M_USAGE, "--mssfix must specify a parameter");
+#endif
}
- if (options->auth_user_pass_file && !options->pull)
- msg (M_USAGE, "--auth-user-pass requires --pull");
+ /*
+ * In forking TCP server mode, you don't need to ifconfig
+ * the tap device (the assumption is that it will be bridged).
+ */
+ if (options->inetd == INETD_NOWAIT)
+ options->ifconfig_noexec = true;
+ /*
+ * Set MTU defaults
+ */
+ {
+ if (!options->tun_mtu_defined && !options->link_mtu_defined)
+ {
+ options->tun_mtu_defined = true;
+ }
+ if ((dev == DEV_TYPE_TAP) && !options->tun_mtu_extra_defined)
+ {
+ options->tun_mtu_extra_defined = true;
+ options->tun_mtu_extra = TAP_MTU_EXTRA_DEFAULT;
+ }
+ }
+
+#ifdef WIN32
+ if ((dev == DEV_TYPE_TUN || dev == DEV_TYPE_TAP) && !options->route_delay_defined)
+ {
+ if (options->mode == MODE_POINT_TO_POINT)
+ {
+ options->route_delay_defined = true;
+ options->route_delay = 5; /* Vista sometimes has a race without this */
+ }
+ }
+
+ if (options->ifconfig_noexec)
+ {
+ options->tuntap_options.ip_win32_type = IPW32_SET_MANUAL;
+ options->ifconfig_noexec = false;
+ }
+#endif
+
+#if P2MP_SERVER
+ /*
+ * Check consistency of --mode server options.
+ */
+ if (options->mode == MODE_SERVER)
+ {
+#ifdef WIN32
+ /*
+ * We need to explicitly set --tap-sleep because
+ * we do not schedule event timers in the top-level context.
+ */
+ options->tuntap_options.tap_sleep = 10;
+ if (options->route_delay_defined && options->route_delay)
+ options->tuntap_options.tap_sleep = options->route_delay;
+ options->route_delay_defined = false;
+#endif
+ }
+#endif
+}
+
+static void
+options_postprocess_verify (const struct options *o)
+{
+#ifdef ENABLE_CONNECTION
+ if (o->connection_list)
+ {
+ int i;
+ for (i = 0; i < o->connection_list->len; ++i)
+ options_postprocess_verify_ce (o, o->connection_list->array[i]);
+ }
+ else
+#endif
+ options_postprocess_verify_ce (o, &o->ce);
+}
+
+static void
+options_postprocess_mutate (struct options *o)
+{
+ /*
+ * Process helper-type options which map to other, more complex
+ * sequences of options.
+ */
+ helper_client_server (o);
+ helper_keepalive (o);
+
+ options_postprocess_mutate_invariant (o);
+
+#ifdef ENABLE_CONNECTION
+ if (o->remote_list && !o->connection_list)
+ {
+ /*
+ * For compatibility with 2.0.x, map multiple --remote options
+ * into connection list (connection lists added in 2.1).
+ */
+ if (o->remote_list->len > 1)
+ {
+ const struct remote_list *rl = o->remote_list;
+ int i;
+ for (i = 0; i < rl->len; ++i)
+ {
+ const struct remote_entry *re = rl->array[i];
+ struct connection_entry ce = o->ce;
+ struct connection_entry *ace;
+
+ ASSERT (re->remote);
+ connection_entry_load_re (&ce, re);
+ ace = alloc_connection_entry (o, M_USAGE);
+ ASSERT (ace);
+ *ace = ce;
+ }
+ }
+ else if (o->remote_list->len == 1) /* one --remote option specfied */
+ {
+ connection_entry_load_re (&o->ce, o->remote_list->array[0]);
+ }
+ else
+ {
+ ASSERT (0);
+ }
+ }
+ if (o->connection_list)
+ {
+ int i;
+ for (i = 0; i < o->connection_list->len; ++i)
+ options_postprocess_mutate_ce (o, o->connection_list->array[i]);
+ }
+ else
+#endif
+ options_postprocess_mutate_ce (o, &o->ce);
+
+#if P2MP
/*
* Save certain parms before modifying options via --pull
*/
- pre_pull_save (options);
+ pre_pull_save (o);
#endif
}
+/*
+ * Sanity check on options.
+ * Also set some options based on other
+ * options.
+ */
+void
+options_postprocess (struct options *options)
+{
+ options_postprocess_mutate (options);
+ options_postprocess_verify (options);
+}
+
#if P2MP
/*
buf_printf (&out, ",dev-type %s", dev_type_string (o->dev, o->dev_type));
buf_printf (&out, ",link-mtu %d", EXPANDED_SIZE (frame));
buf_printf (&out, ",tun-mtu %d", PAYLOAD_SIZE (frame));
- buf_printf (&out, ",proto %s", proto2ascii (proto_remote (o->proto, remote), true));
+ buf_printf (&out, ",proto %s", proto2ascii (proto_remote (o->ce.proto, remote), true));
if (o->tun_ipv6)
buf_printf (&out, ",tun-ipv6");
#else
struct options o;
- init_options (&o);
+ init_options (&o, true);
#if defined(USE_CRYPTO) && defined(USE_SSL)
fprintf (fp, usage_message,
title_string,
- o.connect_retry_seconds,
- o.local_port, o.remote_port,
+ o.ce.connect_retry_seconds,
+ o.ce.local_port, o.ce.remote_port,
TUN_MTU_DEFAULT, TAP_MTU_EXTRA_DEFAULT,
o.verbosity,
o.authname, o.ciphername,
#elif defined(USE_CRYPTO)
fprintf (fp, usage_message,
title_string,
- o.connect_retry_seconds,
- o.local_port, o.remote_port,
+ o.ce.connect_retry_seconds,
+ o.ce.local_port, o.ce.remote_port,
TUN_MTU_DEFAULT, TAP_MTU_EXTRA_DEFAULT,
o.verbosity,
o.authname, o.ciphername,
#else
fprintf (fp, usage_message,
title_string,
- o.connect_retry_seconds,
- o.local_port, o.remote_port,
+ o.ce.connect_retry_seconds,
+ o.ce.local_port, o.ce.remote_port,
TUN_MTU_DEFAULT, TAP_MTU_EXTRA_DEFAULT,
o.verbosity);
#endif
}
static void
-read_config_string (struct options *options,
+read_config_string (const char *prefix,
+ struct options *options,
const char *config,
const int msglevel,
const unsigned int permission_mask,
unsigned int *option_types_found,
struct env_set *es)
{
- const char *file = "[CONFIG-STRING]";
char line[OPTION_LINE_SIZE];
struct buffer multiline;
int line_num = 0;
char *p[MAX_PARMS];
CLEAR (p);
++line_num;
- if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc))
+ if (parse_line (line, p, SIZE (p), prefix, line_num, msglevel, &options->gc))
{
bypass_doubledash (&p[0]);
#if ENABLE_INLINE_FILES
unsigned int *option_types_found,
struct env_set *es)
{
- read_config_string (options, config, msglevel, permission_mask, option_types_found, es);
+ read_config_string ("[CONFIG-STRING]", options, config, msglevel, permission_mask, option_types_found, es);
}
#if P2MP
}
else if (streq (p[0], "local") && p[1])
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->local = p[1];
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ options->ce.local = p[1];
}
else if (streq (p[0], "remote-random"))
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->remote_random = true;
}
- else if (streq (p[0], "remote") && p[1])
+#if ENABLE_CONNECTION
+ else if (streq (p[0], "connection") && p[1])
{
- struct remote_list *l;
- struct remote_entry e;
-
VERIFY_PERMISSION (OPT_P_GENERAL);
- if (!options->remote_list)
- ALLOC_OBJ_CLEAR_GC (options->remote_list, struct remote_list, &options->gc);
- l = options->remote_list;
- if (l->len >= REMOTE_LIST_SIZE)
+ if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
- msg (msglevel, "Maximum number of --remote options (%d) exceeded", REMOTE_LIST_SIZE);
- goto err;
+ struct options sub;
+ struct connection_entry *e;
+
+ init_options (&sub, true);
+ sub.ce = options->ce;
+ read_config_string ("[CONNECTION-OPTIONS]", &sub, p[2], msglevel, OPT_P_CONNECTION, option_types_found, es);
+ if (!sub.ce.remote)
+ {
+ msg (msglevel, "Each 'connection' block must contain exactly one 'remote' directive");
+ goto err;
+ }
+
+ e = alloc_connection_entry (options, msglevel);
+ if (!e)
+ goto err;
+ *e = sub.ce;
+ gc_transfer (&options->gc, &sub.gc);
+ uninit_options (&sub);
}
- e.hostname = p[1];
+ }
+#endif
+ else if (streq (p[0], "remote") && p[1])
+ {
+ struct remote_entry re;
+ re.remote = NULL;
+ re.remote_port = re.proto = -1;
+
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ re.remote = p[1];
if (p[2])
{
- e.port = atoi (p[2]);
- if (!legal_ipv4_port (e.port))
+ const int port = atoi (p[2]);
+ if (!legal_ipv4_port (port))
{
- msg (msglevel, "port number associated with host %s is out of range", e.hostname);
+ msg (msglevel, "remote: port number associated with host %s is out of range", p[1]);
goto err;
}
+ re.remote_port = port;
+ if (p[3])
+ {
+ const int proto = ascii2proto (p[3]);
+ if (proto < 0)
+ {
+ msg (msglevel, "remote: bad protocol associated with host %s: '%s'", p[1], p[3]);
+ goto err;
+ }
+ re.proto = proto;
+ }
+ }
+#ifdef ENABLE_CONNECTION
+ if (permission_mask & OPT_P_GENERAL)
+ {
+ struct remote_entry *e = alloc_remote_entry (options, msglevel);
+ if (!e)
+ goto err;
+ *e = re;
+ }
+ else if (permission_mask & OPT_P_CONNECTION)
+#endif
+ {
+ connection_entry_load_re (&options->ce, &re);
}
- else
- e.port = -1;
- l->array[l->len++] = e;
}
else if (streq (p[0], "resolv-retry") && p[1])
{
}
else if (streq (p[0], "connect-retry") && p[1])
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->connect_retry_seconds = positive_atoi (p[1]);
- options->connect_retry_defined = true;
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ options->ce.connect_retry_seconds = positive_atoi (p[1]);
+ options->ce.connect_retry_defined = true;
}
else if (streq (p[0], "connect-timeout") && p[1])
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->connect_timeout = positive_atoi (p[1]);
- options->connect_timeout_defined = true;
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ options->ce.connect_timeout = positive_atoi (p[1]);
+ options->ce.connect_timeout_defined = true;
}
else if (streq (p[0], "connect-retry-max") && p[1])
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->connect_retry_max = positive_atoi (p[1]);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ options->ce.connect_retry_max = positive_atoi (p[1]);
}
else if (streq (p[0], "ipchange") && p[1])
{
}
else if (streq (p[0], "float"))
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->remote_float = true;
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ options->ce.remote_float = true;
}
#ifdef ENABLE_DEBUG
else if (streq (p[0], "gremlin") && p[1])
{
int port;
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
port = atoi (p[1]);
if (!legal_ipv4_port (port))
{
msg (msglevel, "Bad port number: %s", p[1]);
goto err;
}
- options->port_option_used = true;
- options->local_port = options->remote_port = port;
+ options->ce.port_option_used = true;
+ options->ce.local_port = options->ce.remote_port = port;
}
else if (streq (p[0], "lport") && p[1])
{
int port;
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
port = atoi (p[1]);
if (!legal_ipv4_port (port))
{
msg (msglevel, "Bad local port number: %s", p[1]);
goto err;
}
- options->local_port_defined = true;
- options->port_option_used = true;
- options->local_port = port;
+ options->ce.local_port_defined = true;
+ options->ce.port_option_used = true;
+ options->ce.local_port = port;
}
else if (streq (p[0], "rport") && p[1])
{
int port;
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
port = atoi (p[1]);
if (!legal_ipv4_port (port))
{
msg (msglevel, "Bad remote port number: %s", p[1]);
goto err;
}
- options->port_option_used = true;
- options->remote_port = port;
+ options->ce.port_option_used = true;
+ options->ce.remote_port = port;
}
else if (streq (p[0], "bind"))
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->bind_defined = true;
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ options->ce.bind_defined = true;
}
else if (streq (p[0], "nobind"))
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->bind_local = false;
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ options->ce.bind_local = false;
}
else if (streq (p[0], "fast-io"))
{
else if (streq (p[0], "proto") && p[1])
{
int proto;
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
proto = ascii2proto (p[1]);
if (proto < 0)
{
proto2ascii_all (&gc));
goto err;
}
- options->proto = proto;
+ options->ce.proto = proto;
}
#ifdef GENERAL_PROXY_SUPPORT
else if (streq (p[0], "auto-proxy"))
{
struct http_proxy_options *ho;
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
{
int port;
else if (streq (p[0], "http-proxy-retry"))
{
struct http_proxy_options *ho;
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
ho = init_http_options_if_undefined (options);
ho->retry = true;
}
{
struct http_proxy_options *ho;
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
ho = init_http_options_if_undefined (options);
ho->timeout = positive_atoi (p[1]);
}
{
struct http_proxy_options *ho;
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
ho = init_http_options_if_undefined (options);
if (streq (p[1], "VERSION") && p[2])
#ifdef ENABLE_SOCKS
else if (streq (p[0], "socks-proxy") && p[1])
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
if (p[2])
{
msg (msglevel, "Bad socks-proxy port number: %s", p[2]);
goto err;
}
- options->socks_proxy_port = port;
+ options->ce.socks_proxy_port = port;
}
else
{
- options->socks_proxy_port = 1080;
+ options->ce.socks_proxy_port = 1080;
}
- options->socks_proxy_server = p[1];
+ options->ce.socks_proxy_server = p[1];
}
else if (streq (p[0], "socks-proxy-retry"))
{
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->socks_proxy_retry = true;
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ options->ce.socks_proxy_retry = true;
}
#endif
else if (streq (p[0], "keepalive") && p[1] && p[2])
projects / thirdparty / openvpn.git / commitdiff
