1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
8 * Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 * 2004-01-28: Added Socks5 proxy support
27 * (Christof Meerwald, http://cmeerw.org)
30 #ifndef OPTIONS_H
31 #define OPTIONS_H
33 #include "basic.h"
34 #include "common.h"
35 #include "mtu.h"
36 #include "route.h"
37 #include "tun.h"
38 #include "socket.h"
39 #include "plugin.h"
40 #include "manage.h"
41 #include "proxy.h"
/*
 * Maximum number of parameters associated with an option,
 * including the option name itself.
 *
 * This is the natural size for the p[] array handed to parse_line()
 * (declared below), which also receives the count as its `n` argument.
 */
#define MAX_PARMS 16

/*
 * Max size of options line and parameter.
 *
 * NOTE(review): these are the fixed buffer bounds the option parser works
 * within.  Option text can come from a config file or from the peer
 * (see apply_push_options() below), i.e. it is external input; any change
 * here must be matched by the bounds checks in the parser -- confirm
 * against options.c.
 */
#define OPTION_PARM_SIZE 256
#define OPTION_LINE_SIZE 256
55 extern const char title_string[];
#if P2MP

#if P2MP_SERVER
/* parameters to be pushed to peer */

/*
 * NOTE(review): sized to the TLS control-channel buffer, presumably because
 * the whole push list is sent to the client inside a single control-channel
 * message; if TLS_CHANNEL_BUF_SIZE or PLAINTEXT_BUFFER_SIZE change, the
 * push code that fills `options` must be re-checked.
 */
#define MAX_PUSH_LIST_LEN TLS_CHANNEL_BUF_SIZE /* This parm is related to PLAINTEXT_BUFFER_SIZE in ssl.h */

struct push_list {
  /* newline delimited options, like config file */
  /* fixed-size, inline buffer -- writers must bound at MAX_PUSH_LIST_LEN */
  char options[MAX_PUSH_LIST_LEN];
};
#endif

/* certain options are saved before --pull modifications are applied */

/*
 * Snapshot of the option fields a server may override via --pull, so the
 * locally configured values can be reinstated; see pre_pull_save(),
 * pre_pull_restore() and pre_pull_default() declared below.
 */
struct options_pre_pull
{
  bool tuntap_options_defined;
  struct tuntap_options tuntap_options;

  bool routes_defined;
  struct route_option_list routes;

  /* mirrors options.foreign_option_index */
  int foreign_option_index;
};

#endif
/* Command line options */

/*
 * Everything configurable for one OpenVPN process: command line, config
 * file(s) and, in --pull mode, options received from the peer.  Populated
 * by parse_argv() / options_server_import() / apply_push_options()
 * (declared below), each of which takes an OPT_P_* permission mask.
 *
 * NOTE(review): the `const char *` members presumably hold option text as
 * parsed (paths, hostnames, commands to run).  Whether a given member can
 * be changed by a *pushed* option depends only on the permission mask the
 * caller passes; see the OPT_P_* classes below.
 */
struct options
{
  /* allocation arena; the pointer members below are presumably allocated
     from it and released by uninit_options() -- verify */
  struct gc_arena gc;

  /* first config file */
  const char *config;

  /* major mode */
# define MODE_POINT_TO_POINT 0
# define MODE_SERVER 1
  int mode;

  /* persist parms */
  bool persist_config;
  int persist_mode;

#ifdef USE_CRYPTO
  /* NOTE(review): per its name, a file holding the private-key passphrase;
     confirm the parser rejects world-readable permissions or warns */
  const char *key_pass_file;
  bool show_ciphers;
  bool show_digests;
  bool show_engines;
#ifdef USE_SSL
  bool show_tls_ciphers;
#endif
  bool genkey;
#endif

  /* Networking parms */
  const char *local;
  int local_port;
  bool local_port_defined;
  int remote_port;
  bool port_option_used;
  /* NOTE(review): per --float, allows the peer's source address to change;
     peer identity then rests entirely on the crypto layer -- confirm */
  bool remote_float;
  struct remote_list *remote_list;
  bool remote_random;
  const char *ipchange;
  bool bind_local;
  const char *dev;
  const char *dev_type;
  const char *dev_node;
  const char *ifconfig_local;
  const char *ifconfig_remote_netmask;
  bool ifconfig_noexec;
  bool ifconfig_nowarn;
#ifdef HAVE_GETTIMEOFDAY
  int shaper;
#endif
  int tun_mtu;           /* MTU of tun device */
  int tun_mtu_extra;
  bool tun_mtu_extra_defined;
  int link_mtu;          /* MTU of device over which tunnel packets pass via TCP/UDP */
  bool tun_mtu_defined;  /* true if user overriding parm with command line option */
  bool link_mtu_defined; /* true if user overriding parm with command line option */

  /* Protocol type (PROTO_UDP or PROTO_TCP) */
  int proto;
  int connect_retry_seconds;
  bool connect_retry_defined;

  /* Advanced MTU negotiation and datagram fragmentation options */
  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */

#ifdef ENABLE_OCC
  bool mtu_test;
#endif

  int fragment;          /* internal fragmentation size */

  /* NOTE(review): per --mlock, presumably locks process memory so key
     material cannot be swapped to disk -- confirm */
  bool mlock;

  int keepalive_ping;    /* a proxy for ping/ping-restart */
  int keepalive_timeout;

  int inactivity_timeout;
  int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
  int ping_rec_timeout;  /* Expect a TCP/UDP ping from remote at least once every n seconds */
  bool ping_timer_remote; /* Run ping timer only if we have a remote address */
  bool tun_ipv6;          /* Build tun dev that supports IPv6 */

# define PING_UNDEF   0
# define PING_EXIT    1
# define PING_RESTART 2
  int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */

#ifdef ENABLE_OCC
  int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT message */
#endif

  bool persist_tun;         /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
  bool persist_local_ip;    /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
  bool persist_remote_ip;   /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
  bool persist_key;         /* Don't re-read key files on SIGUSR1 or PING_RESTART */

  int mssfix;            /* Upper bound on TCP MSS */
  bool mssfix_default;   /* true if --mssfix was supplied without a parameter */

#if PASSTOS_CAPABILITY
  bool passtos;
#endif

  int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */

  struct tuntap_options tuntap_options;

  /* Misc parms */

  /* Privilege-reduction / confinement parms (per the --user, --group,
     --chroot option names).  NOTE(review): their effect depends on when
     they are applied relative to opening key files and running scripts;
     confirm the ordering in the init code. */
  const char *username;
  const char *groupname;
  const char *chroot_dir;
  const char *cd_dir;
  const char *writepid;

  /* External commands executed by OpenVPN (option class OPT_P_SCRIPT).
     NOTE(review): together with plugin_list and the *_script members
     further down these are the config's code-execution surface; a
     permission mask used for pushed options must not include them. */
  const char *up_script;
  const char *down_script;
  bool down_pre;
  bool up_delay;
  bool up_restart;
  bool daemon;

  int remap_sigusr1;

  /* inetd modes defined in socket.h */
  int inetd;

  bool log;
  bool suppress_timestamps;
  int nice;
  int verbosity;
  int mute;

#ifdef ENABLE_DEBUG
  int gremlin;
#endif

  const char *status_file;
  int status_file_version;
  int status_file_update_freq;

  /* optimize TUN/TAP/UDP writes */
  bool fast_io;

#ifdef USE_LZO
  bool comp_lzo;
  bool comp_lzo_adaptive;
#endif

  /* buffer sizes */
  int rcvbuf;
  int sndbuf;

  /* route management */
  const char *route_script;      /* external command, see note on up_script */
  const char *route_default_gateway;
  bool route_noexec;
  int route_delay;
  int route_delay_window;
  bool route_delay_defined;
  struct route_option_list *routes;

#ifdef ENABLE_HTTP_PROXY
  struct http_proxy_options *http_proxy_options;
#endif

#ifdef ENABLE_SOCKS
  /* socks proxy */
  const char *socks_proxy_server;
  int socks_proxy_port;
  bool socks_proxy_retry;
#endif

#ifdef ENABLE_OCC
  /* Enable options consistency check between peers */
  bool occ;
#endif

#ifdef ENABLE_MANAGEMENT
  /* Management interface (see manage.h).  NOTE(review): the interface can
     read and change runtime state; management_addr/management_port decide
     who can reach it and management_user_pass is, per its name, the
     credential source -- confirm a default that is not network-exposed. */
  const char *management_addr;
  int management_port;
  const char *management_user_pass;
  int management_log_history_cache;
  int management_echo_buffer_size;
  int management_state_buffer_size;
  bool management_query_passwords;
  bool management_hold;
#endif

#ifdef ENABLE_PLUGIN
  /* shared objects loaded into the process -- see note on up_script */
  struct plugin_option_list *plugin_list;
#endif

#ifdef USE_PTHREAD
  int n_threads;
  int nice_work;
#endif

#if P2MP

#if P2MP_SERVER
  bool server_defined;
  in_addr_t server_network;
  in_addr_t server_netmask;

  bool server_bridge_defined;
  in_addr_t server_bridge_ip;
  in_addr_t server_bridge_netmask;
  in_addr_t server_bridge_pool_start;
  in_addr_t server_bridge_pool_end;

  /* options to send to connecting clients; NULL when nothing is pushed
     (see PUSH_DEFINED below) */
  struct push_list *push_list;
  bool ifconfig_pool_defined;
  in_addr_t ifconfig_pool_start;
  in_addr_t ifconfig_pool_end;
  in_addr_t ifconfig_pool_netmask;
  const char *ifconfig_pool_persist_filename;
  int ifconfig_pool_persist_refresh_freq;
  bool ifconfig_pool_linear;
  int real_hash_size;
  int virtual_hash_size;
  /* per-client external commands -- see note on up_script */
  const char *client_connect_script;
  const char *client_disconnect_script;
  const char *learn_address_script;
  /* NOTE(review): presumably the scratch directory used to hand data to
     the scripts above (cf. auth_user_pass_verify_script_via_file); its
     permissions matter -- confirm */
  const char *tmp_dir;
  const char *client_config_dir;
  bool ccd_exclusive;
  bool disable;
  int n_bcast_buf;
  int tcp_queue_limit;
  struct iroute *iroutes;
  bool push_ifconfig_defined;
  in_addr_t push_ifconfig_local;
  in_addr_t push_ifconfig_remote_netmask;
  bool enable_c2c;
  /* NOTE(review): per its name, permits several concurrent clients with
     the same certificate CN; weakens per-client accountability */
  bool duplicate_cn;
  int cf_max;
  int cf_per;
  int max_clients;
  int max_routes_per_client;

  /* NOTE(review): these two relax certificate-based client identity
     (no client cert / CN taken from the supplied username, per their
     names).  A config setting them relies entirely on
     auth_user_pass_verify_script for authentication -- confirm the
     TLS code enforces that combination. */
  bool client_cert_not_required;
  bool username_as_common_name;
  const char *auth_user_pass_verify_script;
  bool auth_user_pass_verify_script_via_file;
#endif

  bool client;
  bool pull;             /* client pull of config options from server */
  /* NOTE(review): per its name, a file with the client's credentials;
     confirm it is read before privileges are dropped and not logged */
  const char *auth_user_pass_file;
  struct options_pre_pull *pre_pull;

  int scheduled_exit_interval;

#endif

#ifdef USE_CRYPTO
  /* Cipher parms */
  const char *shared_secret_file;
  int key_direction;
  bool ciphername_defined;
  const char *ciphername;
  bool authname_defined;
  const char *authname;
  int keysize;
  const char *engine;
  /* Replay protection.  NOTE(review): turning off `replay` or `use_iv`
     weakens the data channel; replay_window / replay_time bound the
     packet-id tracking and packet_id_file presumably persists that
     state across restarts -- confirm in the packet-id code. */
  bool replay;
  bool mute_replay_warnings;
  int replay_window;
  int replay_time;
  const char *packet_id_file;
  bool use_iv;
  bool test_crypto;

#ifdef USE_SSL
  /* TLS (control channel) parms */
  bool tls_server;
  bool tls_client;
  const char *ca_file;
  const char *dh_file;
  const char *cert_file;
  const char *priv_key_file;
  const char *pkcs12_file;
  const char *cipher_list;
  /* Peer-certificate constraints beyond chaining to ca_file.
     NOTE(review): tls_verify is, per its name, an external command (see
     note on up_script); confirm whether tls_remote matches the peer CN
     exactly or as a prefix, since that decides how strict it is. */
  const char *tls_verify;
  const char *tls_remote;
  const char *crl_file;
  int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */
#ifdef WIN32
  const char *cryptoapi_cert;
#endif

  /* data channel key exchange method */
  int key_method;

  /* Per-packet timeout on control channel */
  int tls_timeout;

  /* Data channel key renegotiation parameters */
  int renegotiate_bytes;
  int renegotiate_packets;
  int renegotiate_seconds;

  /* Data channel key handshake must finalize
     within n seconds of handshake initiation. */
  int handshake_window;

  /* Old key allowed to live n seconds after new key goes active */
  int transition_window;

  /* Special authentication MAC for TLS control channel */
  const char *tls_auth_file; /* shared secret */

  /* Allow only one session */
  bool single_session;

  bool tls_exit;

#endif /* USE_SSL */
#endif /* USE_CRYPTO */

  /* special state parms */
  int foreign_option_index;

#ifdef WIN32
  const char *exit_event_name;
  bool exit_event_initial_state;
  bool show_net_up;
  int route_method;
#endif
};
/*
 * True when the two NUL-terminated strings compare equal byte for byte.
 * Both arguments are evaluated exactly once and must be non-NULL.
 */
#define streq(x, y) (strcmp((x), (y)) == 0)
/*
 * Option classes.
 *
 * Bit flags naming the category an option belongs to.  Every parser entry
 * point below (parse_argv, options_server_import, apply_push_options) takes
 * a permission_mask and reports the classes it encountered through
 * option_types_found, so these bits are presumably what decides which
 * options a given source -- in particular options pushed by the peer --
 * may set; confirm against options.c.
 *
 * NOTE(review): OPT_P_SCRIPT, OPT_P_SETENV, OPT_P_CONFIG and OPT_P_INHERIT
 * (per their names) cover options that run programs, alter the script
 * environment or pull in further configuration.  A mask handed to
 * apply_push_options() for peer-supplied data should not include them.
 * Classes marked TODO are so marked upstream; the meaning of the TODO is
 * not visible here.
 */
#define OPT_P_GENERAL         (1<<0)
#define OPT_P_UP              (1<<1)
#define OPT_P_ROUTE           (1<<2)
#define OPT_P_IPWIN32         (1<<3)
#define OPT_P_SCRIPT          (1<<4)
#define OPT_P_SETENV          (1<<5)
#define OPT_P_SHAPER          (1<<6)
#define OPT_P_TIMER           (1<<7)
#define OPT_P_PERSIST         (1<<8)
#define OPT_P_PERSIST_IP      (1<<9)
#define OPT_P_COMP            (1<<10) /* TODO */
#define OPT_P_MESSAGES        (1<<11)
#define OPT_P_CRYPTO          (1<<12) /* TODO */
#define OPT_P_TLS_PARMS       (1<<13) /* TODO */
#define OPT_P_MTU             (1<<14) /* TODO */
#define OPT_P_NICE            (1<<15)
#define OPT_P_PUSH            (1<<16)
#define OPT_P_INSTANCE        (1<<17)
#define OPT_P_CONFIG          (1<<18)
#define OPT_P_EXPLICIT_NOTIFY (1<<19)
#define OPT_P_ECHO            (1<<20)
#define OPT_P_INHERIT         (1<<21)

/* Every class except the per-instance one.  NOTE(review): this is a
   permissive default -- it includes OPT_P_SCRIPT -- and must not be used
   as the mask for peer-pushed options. */
#define OPT_P_DEFAULT   (~OPT_P_INSTANCE)
#if P2MP
/* true when this instance pulls config options from the server (--pull) */
#define PULL_DEFINED(opt) ((opt)->pull)
#if P2MP_SERVER
/* true when a push list has been allocated (non-NULL pointer) */
#define PUSH_DEFINED(opt) ((opt)->push_list)
#endif
#endif

/* Fallbacks so callers need no #if P2MP of their own. */
#ifndef PULL_DEFINED
#define PULL_DEFINED(opt) (false)
#endif

#ifndef PUSH_DEFINED
#define PUSH_DEFINED(opt) (false)
#endif

/* Win32 route-method flags live in options.route_method; none elsewhere. */
#ifdef WIN32
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

/* Traffic shaping is only available when gettimeofday() is. */
#ifdef HAVE_GETTIMEOFDAY
#define SHAPER_DEFINED(opt) ((opt)->shaper)
#else
#define SHAPER_DEFINED(opt) (false)
#endif

/* Plugin list, or NULL when plugins are compiled out. */
#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif
476 void parse_argv (struct options *options,
477 const int argc,
478 char *argv[],
479 const int msglevel,
480 const unsigned int permission_mask,
481 unsigned int *option_types_found,
482 struct env_set *es);
484 void notnull (const char *arg, const char *description);
486 void usage_small (void);
488 void init_options (struct options *o);
489 void uninit_options (struct options *o);
491 void setenv_settings (struct env_set *es, const struct options *o);
492 void show_settings (const struct options *o);
494 bool string_defined_equal (const char *s1, const char *s2);
#ifdef ENABLE_OCC

/* Presumably extracts the version field of an options string; result is
   allocated from gc.  Not further specified here. */
const char *options_string_version (const char* s, struct gc_arena *gc);

/*
 * Build the options string exchanged with the peer for the options
 * consistency check (`remote` selects the peer's point of view).
 * Allocated from gc.
 */
char *options_string (const struct options *o,
                      const struct frame *frame,
                      struct tuntap *tt,
                      bool remote,
                      struct gc_arena *gc);

/*
 * Compare / warn about an options string received from the peer
 * (`actual`) against our own (`expected`).
 * NOTE(review): `actual` is peer-supplied.  The _safe variants take its
 * length explicitly; prefer them whenever the string comes straight from
 * a received buffer, since the unbounded versions rely on NUL termination.
 */
int options_cmp_equal_safe (char *actual, const char *expected, size_t actual_n);
void options_warning_safe (char *actual, const char *expected, size_t actual_n);
int options_cmp_equal (char *actual, const char *expected);
void options_warning (char *actual, const char *expected);

#endif
/* Validate / derive settings once parsing is complete (first_time flags
   the initial pass, as opposed to a restart). */
void options_postprocess (struct options *options, bool first_time);

/* Snapshot and reinstate the fields kept in struct options_pre_pull. */
void pre_pull_save (struct options *o);
void pre_pull_restore (struct options *o);

/*
 * Apply options received from the peer (in buf) to `options`.
 * NOTE(review): this is the entry point for peer-controlled option text.
 * permission_mask is the only thing limiting what the peer may change, so
 * the caller must build it from the OPT_P_* classes and leave out the
 * script / plugin / config classes -- confirm at the call site.
 */
bool apply_push_options (struct options *options,
                         struct buffer *buf,
                         unsigned int permission_mask,
                         unsigned int *option_types_found,
                         struct env_set *es);

bool is_persist_option (const struct options *o);
bool is_stateful_restart (const struct options *o);

void options_detach (struct options *o);

/*
 * Read options from `filename` under permission_mask (server side;
 * presumably used for --client-config-dir files -- confirm).
 */
void options_server_import (struct options *o,
                            const char *filename,
                            int msglevel,
                            unsigned int permission_mask,
                            unsigned int *option_types_found,
                            struct env_set *es);

void pre_pull_default (struct options *o);

void rol_check_alloc (struct options *options);

/*
 * Split one config line into at most n parameters stored in p[] (strings
 * allocated from gc); `file` and `line_num` are for diagnostics.
 * The int result is presumably the number of parameters found.
 * NOTE(review): callers size p[] with MAX_PARMS and must pass n
 * accordingly; confirm the parser also bounds each parameter at
 * OPTION_PARM_SIZE, since the line may be external input.
 */
int parse_line (const char *line,
                char *p[],
                const int n,
                const char *file,
                const int line_num,
                int msglevel,
                struct gc_arena *gc);
/*
 * Manage auth-retry variable
 *
 * NOTE(review): none of these take an options struct, so the auth-retry
 * setting is process-wide state; confirm that is acceptable in the
 * USE_PTHREAD build.
 */
#if P2MP

/* possible values of the auth-retry setting */
#define AR_NONE       0
#define AR_INTERACT   1
#define AR_NOINTERACT 2

int auth_retry_get (void);
/* parse `option` into the setting; false (with a message at msglevel)
   presumably means it was not recognised -- confirm */
bool auth_retry_set (const int msglevel, const char *option);
const char *auth_retry_print (void);

#endif
564 #endif