Diffstat (limited to 'openvpn/options.h')
-rw-r--r--openvpn/options.h564
1 files changed, 0 insertions, 564 deletions
diff --git a/openvpn/options.h b/openvpn/options.h
deleted file mode 100644
index c7294be..0000000
--- a/openvpn/options.h
+++ /dev/null
@@ -1,564 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * 2004-01-28: Added Socks5 proxy support
- * (Christof Meerwald, http://cmeerw.org)
- */
-
-#ifndef OPTIONS_H
-#define OPTIONS_H
-
-#include "basic.h"
-#include "common.h"
-#include "mtu.h"
-#include "route.h"
-#include "tun.h"
-#include "socket.h"
-#include "plugin.h"
-#include "manage.h"
-#include "proxy.h"
-
-/*
- * Maximum number of parameters associated with an option,
- * including the option name itself.
- */
-#define MAX_PARMS 16
-
-/*
- * Max size of options line and parameter.
- */
-#define OPTION_PARM_SIZE 256
-#define OPTION_LINE_SIZE 256
-
-extern const char title_string[];
-
-#if P2MP
-
-#if P2MP_SERVER
-/* parameters to be pushed to peer */
-
-#define MAX_PUSH_LIST_LEN TLS_CHANNEL_BUF_SIZE /* This parm is related to PLAINTEXT_BUFFER_SIZE in ssl.h */
-
-struct push_list {
- /* newline delimited options, like config file */
- char options[MAX_PUSH_LIST_LEN];
-};
-#endif
-
-/* certain options are saved before --pull modifications are applied */
-struct options_pre_pull
-{
- bool tuntap_options_defined;
- struct tuntap_options tuntap_options;
-
- bool routes_defined;
- struct route_option_list routes;
-
- int foreign_option_index;
-};
-
-#endif
-
-/* Command line options */
-struct options
-{
- struct gc_arena gc;
-
- /* first config file */
- const char *config;
-
- /* major mode */
-# define MODE_POINT_TO_POINT 0
-# define MODE_SERVER 1
- int mode;
-
- /* persist parms */
- bool persist_config;
- int persist_mode;
-
-#ifdef USE_CRYPTO
- const char *key_pass_file;
- bool show_ciphers;
- bool show_digests;
- bool show_engines;
-#ifdef USE_SSL
- bool show_tls_ciphers;
-#endif
- bool genkey;
-#endif
-
- /* Networking parms */
- const char *local;
- int local_port;
- bool local_port_defined;
- int remote_port;
- bool port_option_used;
- bool remote_float;
- struct remote_list *remote_list;
- bool remote_random;
- const char *ipchange;
- bool bind_local;
- const char *dev;
- const char *dev_type;
- const char *dev_node;
- const char *ifconfig_local;
- const char *ifconfig_remote_netmask;
- bool ifconfig_noexec;
- bool ifconfig_nowarn;
-#ifdef HAVE_GETTIMEOFDAY
- int shaper;
-#endif
- int tun_mtu; /* MTU of tun device */
- int tun_mtu_extra;
- bool tun_mtu_extra_defined;
- int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */
- bool tun_mtu_defined; /* true if user overriding parm with command line option */
- bool link_mtu_defined; /* true if user overriding parm with command line option */
-
- /* Protocol type (PROTO_UDP or PROTO_TCP) */
- int proto;
- int connect_retry_seconds;
- bool connect_retry_defined;
-
- /* Advanced MTU negotiation and datagram fragmentation options */
- int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
-
-#ifdef ENABLE_OCC
- bool mtu_test;
-#endif
-
- int fragment; /* internal fragmentation size */
-
- bool mlock;
-
- int keepalive_ping; /* a proxy for ping/ping-restart */
- int keepalive_timeout;
-
- int inactivity_timeout;
- int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
- int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
- bool ping_timer_remote; /* Run ping timer only if we have a remote address */
- bool tun_ipv6; /* Build tun dev that supports IPv6 */
-
-# define PING_UNDEF 0
-# define PING_EXIT 1
-# define PING_RESTART 2
- int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */
-
-#ifdef ENABLE_OCC
- int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT message */
-#endif
-
- bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
- bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
- bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
- bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */
-
- int mssfix; /* Upper bound on TCP MSS */
- bool mssfix_default; /* true if --mssfix was supplied without a parameter */
-
-#if PASSTOS_CAPABILITY
- bool passtos;
-#endif
-
- int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
-
- struct tuntap_options tuntap_options;
-
- /* Misc parms */
- const char *username;
- const char *groupname;
- const char *chroot_dir;
- const char *cd_dir;
- const char *writepid;
- const char *up_script;
- const char *down_script;
- bool down_pre;
- bool up_delay;
- bool up_restart;
- bool daemon;
-
- int remap_sigusr1;
-
- /* inetd modes defined in socket.h */
- int inetd;
-
- bool log;
- bool suppress_timestamps;
- int nice;
- int verbosity;
- int mute;
-
-#ifdef ENABLE_DEBUG
- int gremlin;
-#endif
-
- const char *status_file;
- int status_file_version;
- int status_file_update_freq;
-
- /* optimize TUN/TAP/UDP writes */
- bool fast_io;
-
-#ifdef USE_LZO
- bool comp_lzo;
- bool comp_lzo_adaptive;
-#endif
-
- /* buffer sizes */
- int rcvbuf;
- int sndbuf;
-
- /* route management */
- const char *route_script;
- const char *route_default_gateway;
- bool route_noexec;
- int route_delay;
- int route_delay_window;
- bool route_delay_defined;
- struct route_option_list *routes;
-
-#ifdef ENABLE_HTTP_PROXY
- struct http_proxy_options *http_proxy_options;
-#endif
-
-#ifdef ENABLE_SOCKS
- /* socks proxy */
- const char *socks_proxy_server;
- int socks_proxy_port;
- bool socks_proxy_retry;
-#endif
-
-#ifdef ENABLE_OCC
- /* Enable options consistency check between peers */
- bool occ;
-#endif
-
-#ifdef ENABLE_MANAGEMENT
- const char *management_addr;
- int management_port;
- const char *management_user_pass;
- int management_log_history_cache;
- int management_echo_buffer_size;
- int management_state_buffer_size;
- bool management_query_passwords;
- bool management_hold;
-#endif
-
-#ifdef ENABLE_PLUGIN
- struct plugin_option_list *plugin_list;
-#endif
-
-#ifdef USE_PTHREAD
- int n_threads;
- int nice_work;
-#endif
-
-#if P2MP
-
-#if P2MP_SERVER
- bool server_defined;
- in_addr_t server_network;
- in_addr_t server_netmask;
-
- bool server_bridge_defined;
- in_addr_t server_bridge_ip;
- in_addr_t server_bridge_netmask;
- in_addr_t server_bridge_pool_start;
- in_addr_t server_bridge_pool_end;
-
- struct push_list *push_list;
- bool ifconfig_pool_defined;
- in_addr_t ifconfig_pool_start;
- in_addr_t ifconfig_pool_end;
- in_addr_t ifconfig_pool_netmask;
- const char *ifconfig_pool_persist_filename;
- int ifconfig_pool_persist_refresh_freq;
- bool ifconfig_pool_linear;
- int real_hash_size;
- int virtual_hash_size;
- const char *client_connect_script;
- const char *client_disconnect_script;
- const char *learn_address_script;
- const char *tmp_dir;
- const char *client_config_dir;
- bool ccd_exclusive;
- bool disable;
- int n_bcast_buf;
- int tcp_queue_limit;
- struct iroute *iroutes;
- bool push_ifconfig_defined;
- in_addr_t push_ifconfig_local;
- in_addr_t push_ifconfig_remote_netmask;
- bool enable_c2c;
- bool duplicate_cn;
- int cf_max;
- int cf_per;
- int max_clients;
- int max_routes_per_client;
-
- bool client_cert_not_required;
- bool username_as_common_name;
- const char *auth_user_pass_verify_script;
- bool auth_user_pass_verify_script_via_file;
-#endif
-
- bool client;
- bool pull; /* client pull of config options from server */
- const char *auth_user_pass_file;
- struct options_pre_pull *pre_pull;
-
- int scheduled_exit_interval;
-
-#endif
-
-#ifdef USE_CRYPTO
- /* Cipher parms */
- const char *shared_secret_file;
- int key_direction;
- bool ciphername_defined;
- const char *ciphername;
- bool authname_defined;
- const char *authname;
- int keysize;
- const char *engine;
- bool replay;
- bool mute_replay_warnings;
- int replay_window;
- int replay_time;
- const char *packet_id_file;
- bool use_iv;
- bool test_crypto;
-
-#ifdef USE_SSL
- /* TLS (control channel) parms */
- bool tls_server;
- bool tls_client;
- const char *ca_file;
- const char *dh_file;
- const char *cert_file;
- const char *priv_key_file;
- const char *pkcs12_file;
- const char *cipher_list;
- const char *tls_verify;
- const char *tls_remote;
- const char *crl_file;
- int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */
-#ifdef WIN32
- const char *cryptoapi_cert;
-#endif
-
- /* data channel key exchange method */
- int key_method;
-
- /* Per-packet timeout on control channel */
- int tls_timeout;
-
- /* Data channel key renegotiation parameters */
- int renegotiate_bytes;
- int renegotiate_packets;
- int renegotiate_seconds;
-
- /* Data channel key handshake must finalize
- within n seconds of handshake initiation. */
- int handshake_window;
-
- /* Old key allowed to live n seconds after new key goes active */
- int transition_window;
-
- /* Special authentication MAC for TLS control channel */
- const char *tls_auth_file; /* shared secret */
-
- /* Allow only one session */
- bool single_session;
-
- bool tls_exit;
-
-#endif /* USE_SSL */
-#endif /* USE_CRYPTO */
-
- /* special state parms */
- int foreign_option_index;
-
-#ifdef WIN32
- const char *exit_event_name;
- bool exit_event_initial_state;
- bool show_net_up;
- int route_method;
-#endif
-};
-
-#define streq(x, y) (!strcmp((x), (y)))
-
-/*
- * Option classes.
- */
-#define OPT_P_GENERAL (1<<0)
-#define OPT_P_UP (1<<1)
-#define OPT_P_ROUTE (1<<2)
-#define OPT_P_IPWIN32 (1<<3)
-#define OPT_P_SCRIPT (1<<4)
-#define OPT_P_SETENV (1<<5)
-#define OPT_P_SHAPER (1<<6)
-#define OPT_P_TIMER (1<<7)
-#define OPT_P_PERSIST (1<<8)
-#define OPT_P_PERSIST_IP (1<<9)
-#define OPT_P_COMP (1<<10) /* TODO */
-#define OPT_P_MESSAGES (1<<11)
-#define OPT_P_CRYPTO (1<<12) /* TODO */
-#define OPT_P_TLS_PARMS (1<<13) /* TODO */
-#define OPT_P_MTU (1<<14) /* TODO */
-#define OPT_P_NICE (1<<15)
-#define OPT_P_PUSH (1<<16)
-#define OPT_P_INSTANCE (1<<17)
-#define OPT_P_CONFIG (1<<18)
-#define OPT_P_EXPLICIT_NOTIFY (1<<19)
-#define OPT_P_ECHO (1<<20)
-#define OPT_P_INHERIT (1<<21)
-
-#define OPT_P_DEFAULT (~OPT_P_INSTANCE)
-
-#if P2MP
-#define PULL_DEFINED(opt) ((opt)->pull)
-#if P2MP_SERVER
-#define PUSH_DEFINED(opt) ((opt)->push_list)
-#endif
-#endif
-
-#ifndef PULL_DEFINED
-#define PULL_DEFINED(opt) (false)
-#endif
-
-#ifndef PUSH_DEFINED
-#define PUSH_DEFINED(opt) (false)
-#endif
-
-#ifdef WIN32
-#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
-#else
-#define ROUTE_OPTION_FLAGS(o) (0)
-#endif
-
-#ifdef HAVE_GETTIMEOFDAY
-#define SHAPER_DEFINED(opt) ((opt)->shaper)
-#else
-#define SHAPER_DEFINED(opt) (false)
-#endif
-
-#ifdef ENABLE_PLUGIN
-#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
-#else
-#define PLUGIN_OPTION_LIST(opt) (NULL)
-#endif
-
-void parse_argv (struct options *options,
- const int argc,
- char *argv[],
- const int msglevel,
- const unsigned int permission_mask,
- unsigned int *option_types_found,
- struct env_set *es);
-
-void notnull (const char *arg, const char *description);
-
-void usage_small (void);
-
-void init_options (struct options *o);
-void uninit_options (struct options *o);
-
-void setenv_settings (struct env_set *es, const struct options *o);
-void show_settings (const struct options *o);
-
-bool string_defined_equal (const char *s1, const char *s2);
-
-#ifdef ENABLE_OCC
-
-const char *options_string_version (const char* s, struct gc_arena *gc);
-
-char *options_string (const struct options *o,
- const struct frame *frame,
- struct tuntap *tt,
- bool remote,
- struct gc_arena *gc);
-
-int options_cmp_equal_safe (char *actual, const char *expected, size_t actual_n);
-void options_warning_safe (char *actual, const char *expected, size_t actual_n);
-int options_cmp_equal (char *actual, const char *expected);
-void options_warning (char *actual, const char *expected);
-
-#endif
-
-void options_postprocess (struct options *options, bool first_time);
-
-void pre_pull_save (struct options *o);
-void pre_pull_restore (struct options *o);
-
-bool apply_push_options (struct options *options,
- struct buffer *buf,
- unsigned int permission_mask,
- unsigned int *option_types_found,
- struct env_set *es);
-
-bool is_persist_option (const struct options *o);
-bool is_stateful_restart (const struct options *o);
-
-void options_detach (struct options *o);
-
-void options_server_import (struct options *o,
- const char *filename,
- int msglevel,
- unsigned int permission_mask,
- unsigned int *option_types_found,
- struct env_set *es);
-
-void pre_pull_default (struct options *o);
-
-void rol_check_alloc (struct options *options);
-
-int parse_line (const char *line,
- char *p[],
- const int n,
- const char *file,
- const int line_num,
- int msglevel,
- struct gc_arena *gc);
-
-/*
- * Manage auth-retry variable
- */
-
-#if P2MP
-
-#define AR_NONE 0
-#define AR_INTERACT 1
-#define AR_NOINTERACT 2
-
-int auth_retry_get (void);
-bool auth_retry_set (const int msglevel, const char *option);
-const char *auth_retry_print (void);
-
-#endif
-
-#endif