OpenVPN
Data Structures | Macros | Functions | Variables
options.c File Reference
#include "syshead.h"
#include "buffer.h"
#include "error.h"
#include "common.h"
#include "run_command.h"
#include "shaper.h"
#include "crypto.h"
#include "ssl.h"
#include "ssl_ncp.h"
#include "options.h"
#include "misc.h"
#include "socket.h"
#include "packet_id.h"
#include "pkcs11.h"
#include "win32.h"
#include "push.h"
#include "pool.h"
#include "proto.h"
#include "helper.h"
#include "manage.h"
#include "forward.h"
#include "ssl_verify.h"
#include "platform.h"
#include "xkey_common.h"
#include "dco.h"
#include "options_util.h"
#include <ctype.h>
#include "memdbg.h"
Include dependency graph for options.c:

Go to the source code of this file.

Data Structures

struct  pull_filter
 
struct  pull_filter_list
 
struct  in_src
 

Macros

#define PUF_TYPE_UNDEF   0
 undefined filter type
 
#define PUF_TYPE_ACCEPT   1
 filter type to accept a matching option
 
#define PUF_TYPE_IGNORE   2
 filter type to ignore a matching option
 
#define PUF_TYPE_REJECT   3
 filter type to reject and trigger SIGUSR1
 
#define SHOW_PARM(name, value, format)   msg(D_SHOW_PARMS, " " #name " = " format, (value))
 
#define SHOW_STR(var)   SHOW_PARM(var, (o->var ? o->var : "[UNDEF]"), "'%s'")
 
#define SHOW_STR_INLINE(var)
 
#define SHOW_INT(var)   SHOW_PARM(var, o->var, "%d")
 
#define SHOW_UINT(var)   SHOW_PARM(var, o->var, "%u")
 
#define SHOW_INT64(var)   SHOW_PARM(var, o->var, "%" PRIi64)
 
#define SHOW_UNSIGNED(var)   SHOW_PARM(var, o->var, "0x%08x")
 
#define SHOW_BOOL(var)   SHOW_PARM(var, (o->var ? "ENABLED" : "DISABLED"), "%s");
 
#define USAGE_VALID_SERVER_PROTOS
 
#define MUST_BE_UNDEF(parm)
 
#define CHKACC_FILE   (1<<0)
 Check for a file/directory presence.
 
#define CHKACC_DIRPATH   (1<<1)
 Check for directory presence where a file should reside.
 
#define CHKACC_FILEXSTWR   (1<<2)
 If file exists, is it writable?
 
#define CHKACC_ACPTSTDIN   (1<<3)
 If filename is stdin, it's allowed and "exists".
 
#define CHKACC_PRIVATE   (1<<4)
 Warn if this (private) file is group/others accessible.
 
#define CHKACC_ACCEPT_URI   (1<<5)
 Do not check URIs, unless they start with file:
 
#define TLS_CLIENT   (o->tls_client)
 
#define TLS_SERVER   (o->tls_server)
 
#define LZO_LIB_VER_STR   "", ""
 
#define IS_TYPE_FP   1
 
#define IS_TYPE_BUF   2
 
#define VERIFY_PERMISSION(mask)
 
#define NM_QUOTE_HINT   (1<<0)
 

Functions

void init_options (struct options *o, const bool init_gc)
 
void uninit_options (struct options *o)
 
static const char * pull_filter_type_name (int type)
 
static void setenv_connection_entry (struct env_set *es, const struct connection_entry *e, const int i)
 
static void setenv_local_entry (struct env_set *es, const struct local_entry *e, const int i)
 
void setenv_settings (struct env_set *es, const struct options *o)
 
static in_addr_t get_ip_addr (const char *ip_string, int msglevel, bool *error)
 
static char * get_ipv6_addr_no_netbits (const char *addr, struct gc_arena *gc)
 Returns newly allocated string containing address part without "/nn".
 
static bool ipv6_addr_safe_hexplusbits (const char *ipv6_prefix_spec)
 
static char * string_substitute (const char *src, int from, int to, struct gc_arena *gc)
 
static struct verify_hash_listparse_hash_fingerprint (const char *str, int nbytes, int msglevel, struct gc_arena *gc)
 Parses a hexstring and checks if the string has the correct length.
 
static struct verify_hash_listparse_hash_fingerprint_multiline (const char *str, int nbytes, int msglevel, struct gc_arena *gc)
 Parses a string consisting of multiple lines of hexstrings and checks if each string has the correct length.
 
static void show_dhcp_option_list (const char *name, const char *const *array, int len)
 
static void show_dhcp_option_addrs (const char *name, const in_addr_t *array, int len)
 
static void show_tuntap_options (const struct tuntap_options *o)
 
static void dhcp_option_dns6_parse (const char *parm, struct in6_addr *dns6_list, int *len, int msglevel)
 
static void dhcp_option_address_parse (const char *name, const char *parm, in_addr_t *array, int *len, int msglevel)
 
static void tuntap_options_copy_dns (struct options *o)
 
static const char * print_vlan_accept (enum vlan_acceptable_frames mode)
 
static void show_p2mp_parms (const struct options *o)
 
static void option_iroute (struct options *o, const char *network_str, const char *netmask_str, int msglevel)
 
static void option_iroute_ipv6 (struct options *o, const char *prefix_str, int msglevel)
 
static void show_http_proxy_options (const struct http_proxy_options *o)
 
void options_detach (struct options *o)
 
void rol_check_alloc (struct options *options)
 
static void rol6_check_alloc (struct options *options)
 
static void cnol_check_alloc (struct options *options)
 
static void show_connection_entry (const struct connection_entry *o)
 
static void show_connection_entries (const struct options *o)
 
static void show_pull_filter_list (const struct pull_filter_list *l)
 
void show_settings (const struct options *o)
 
static struct http_proxy_optionsparse_http_proxy_override (const char *server, const char *port, const char *flags, struct gc_arena *gc)
 
static void options_postprocess_http_proxy_override (struct options *o)
 
static struct local_listalloc_local_list_if_undef (struct connection_entry *ce, struct gc_arena *gc)
 
static struct local_entryalloc_local_entry (struct connection_entry *ce, const int msglevel, struct gc_arena *gc)
 
static struct connection_listalloc_connection_list_if_undef (struct options *options)
 
static struct connection_entryalloc_connection_entry (struct options *options, const int msglevel)
 
static struct remote_listalloc_remote_list_if_undef (struct options *options)
 
static struct remote_entryalloc_remote_entry (struct options *options, const int msglevel)
 
static struct pull_filter_listalloc_pull_filter_list (struct options *o)
 
static struct pull_filteralloc_pull_filter (struct options *o)
 
static void connection_entry_load_re (struct connection_entry *ce, const struct remote_entry *re)
 
static void connection_entry_preload_key (const char **key_file, bool *key_inline, struct gc_arena *gc)
 
static void check_ca_required (const struct options *options)
 
static void options_postprocess_verify_ce (const struct options *options, const struct connection_entry *ce)
 
static void options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)
 
static void options_postprocess_mutate_le (struct connection_entry *ce, struct local_entry *le, int mode)
 
static void remap_redirect_gateway_flags (struct options *opt)
 
static void pre_connect_save (struct options *o)
 
void pre_connect_restore (struct options *o, struct gc_arena *gc)
 
static void options_postprocess_mutate_invariant (struct options *options)
 
static void options_postprocess_verify (const struct options *o)
 
static void options_postprocess_cipher (struct options *o)
 
static bool need_compatibility_before (const struct options *o, unsigned int version)
 The option –compat-mode is used to set up default settings to values used on the specified openvpn version and earlier.
 
static void options_set_backwards_compatible_options (struct options *o)
 Changes default values so that OpenVPN can be compatible with the user specified version.
 
static void options_process_mutate_prf (struct options *o)
 
static void options_postprocess_mutate (struct options *o, struct env_set *es)
 
static bool check_file_access (const int type, const char *file, const int mode, const char *opt)
 
static bool check_file_access_chroot (const char *chroot, const int type, const char *file, const int mode, const char *opt)
 
static bool check_file_access_chroot_inline (bool is_inline, const char *chroot, const int type, const char *file, const int mode, const char *opt)
 A wrapper for check_file_access_chroot() that returns false immediately if the file is inline (and therefore there is no access to check)
 
static bool check_file_access_inline (bool is_inline, const int type, const char *file, const int mode, const char *opt)
 A wrapper for check_file_access() that returns false immediately if the file is inline (and therefore there is no access to check)
 
static bool check_cmd_access (const char *command, const char *opt, const char *chroot)
 
static void options_postprocess_filechecks (struct options *options)
 
void options_postprocess (struct options *options, struct env_set *es)
 
bool options_postprocess_pull (struct options *o, struct env_set *es)
 
char * options_string (const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
 
bool options_cmp_equal (char *actual, const char *expected)
 
void options_warning (char *actual, const char *expected)
 
static const char * options_warning_extract_parm1 (const char *option_string, struct gc_arena *gc_ret)
 
static void options_warning_safe_scan2 (const int msglevel, const int delim, const bool report_inconsistent, const char *p1, const struct buffer *b2_src, const char *b1_name, const char *b2_name)
 
static void options_warning_safe_scan1 (const int msglevel, const int delim, const bool report_inconsistent, const struct buffer *b1_src, const struct buffer *b2_src, const char *b1_name, const char *b2_name)
 
static void options_warning_safe_ml (const int msglevel, char *actual, const char *expected, size_t actual_n)
 
bool options_cmp_equal_safe (char *actual, const char *expected, size_t actual_n)
 
void options_warning_safe (char *actual, const char *expected, size_t actual_n)
 
const char * options_string_version (const char *s, struct gc_arena *gc)
 
char * options_string_extract_option (const char *options_string, const char *opt_name, struct gc_arena *gc)
 Given an OpenVPN options string, extract the value of an option.
 
static enum tun_driver_type parse_windows_driver (const char *str, const int msglevel)
 Parses –windows-driver config option.
 
int parse_topology (const char *str, const int msglevel)
 
const char * print_topology (const int topology)
 
int auth_retry_get (void)
 
bool auth_retry_set (const int msglevel, const char *option)
 
const char * auth_retry_print (void)
 
static void usage (void)
 
void usage_small (void)
 
void show_windows_version (const unsigned int flags)
 
void show_dco_version (const unsigned int flags)
 
void show_library_versions (const unsigned int flags)
 
static void usage_version (void)
 
void notnull (const char *arg, const char *description)
 
bool string_defined_equal (const char *s1, const char *s2)
 
static unsigned int atou (const char *str)
 
static bool space (unsigned char c)
 
int parse_line (const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
 
static void bypass_doubledash (char **p)
 
static bool in_src_get (const struct in_src *is, char *line, const int size)
 
static char * read_inline_file (struct in_src *is, const char *close_tag, int *num_lines, struct gc_arena *gc)
 
static int check_inline_file (struct in_src *is, char *p[], struct gc_arena *gc)
 
static int check_inline_file_via_fp (FILE *fp, char *p[], struct gc_arena *gc)
 
static int check_inline_file_via_buf (struct buffer *multiline, char *p[], struct gc_arena *gc)
 
static void add_option (struct options *options, char *p[], bool is_inline, const char *file, int line, const int level, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
 
static void read_config_file (struct options *options, const char *file, int level, const char *top_file, const int top_line, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
 
static void read_config_string (const char *prefix, struct options *options, const char *config, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
 
void parse_argv (struct options *options, const int argc, char *argv[], const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
 
static bool apply_pull_filter (const struct options *o, char *line)
 Filter an option line by all pull filters.
 
bool apply_push_options (struct options *options, struct buffer *buf, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
 
void options_server_import (struct options *o, const char *filename, int msglevel, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
 
void options_string_import (struct options *options, const char *config, const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
 
static bool verify_permission (const char *name, const char *file, int line, const unsigned int type, const unsigned int allowed, unsigned int *found, const int msglevel, struct options *options, bool is_inline)
 
static bool no_more_than_n_args (const int msglevel, char *p[], const int max, const unsigned int flags)
 
static int msglevel_forward_compatible (struct options *options, const int msglevel)
 
static void set_user_script (struct options *options, const char **script, const char *new_script, const char *type, bool in_chroot)
 
static void show_compression_warning (struct compress_options *info)
 
bool key_is_external (const struct options *options)
 
bool has_udp_in_local_list (const struct options *options)
 
bool has_tcp_in_local_list (const struct options *options)
 

Variables

const char title_string []
 
static const char usage_message []
 
static int global_auth_retry
 

Macro Definition Documentation

◆ CHKACC_ACCEPT_URI

#define CHKACC_ACCEPT_URI   (1<<5)

Do not check URIs, unless they start with file:

Definition at line 3955 of file options.c.

◆ CHKACC_ACPTSTDIN

#define CHKACC_ACPTSTDIN   (1<<3)

If filename is stdin, it's allowed and "exists".

Definition at line 3953 of file options.c.

◆ CHKACC_DIRPATH

#define CHKACC_DIRPATH   (1<<1)

Check for directory presence where a file should reside.

Definition at line 3951 of file options.c.

◆ CHKACC_FILE

#define CHKACC_FILE   (1<<0)

Check for a file/directory presence.

Definition at line 3950 of file options.c.

◆ CHKACC_FILEXSTWR

#define CHKACC_FILEXSTWR   (1<<2)

If file exists, is it writable?

Definition at line 3952 of file options.c.

◆ CHKACC_PRIVATE

#define CHKACC_PRIVATE   (1<<4)

Warn if this (private) file is group/others accessible.

Definition at line 3954 of file options.c.

◆ IS_TYPE_BUF

#define IS_TYPE_BUF   2

Definition at line 5260 of file options.c.

◆ IS_TYPE_FP

#define IS_TYPE_FP   1

Definition at line 5259 of file options.c.

◆ LZO_LIB_VER_STR

#define LZO_LIB_VER_STR   "", ""

◆ MUST_BE_UNDEF

#define MUST_BE_UNDEF (   parm)
Value:
if (options->parm != defaults.parm) {msg(M_USAGE, err, #parm); \
}
M_USAGE
#define M_USAGE
Definition error.h:106
msg
#define msg(flags,...)
Definition error.h:144

◆ NM_QUOTE_HINT

#define NM_QUOTE_HINT   (1<<0)

Definition at line 5739 of file options.c.

◆ PUF_TYPE_ACCEPT

#define PUF_TYPE_ACCEPT   1

filter type to accept a matching option

Definition at line 945 of file options.c.

◆ PUF_TYPE_IGNORE

#define PUF_TYPE_IGNORE   2

filter type to ignore a matching option

Definition at line 946 of file options.c.

◆ PUF_TYPE_REJECT

#define PUF_TYPE_REJECT   3

filter type to reject and trigger SIGUSR1

Definition at line 947 of file options.c.

◆ PUF_TYPE_UNDEF

#define PUF_TYPE_UNDEF   0

undefined filter type

Definition at line 944 of file options.c.

◆ SHOW_BOOL

#define SHOW_BOOL (   var)    SHOW_PARM(var, (o->var ? "ENABLED" : "DISABLED"), "%s");

Definition at line 993 of file options.c.

◆ SHOW_INT

#define SHOW_INT (   var)    SHOW_PARM(var, o->var, "%d")

Definition at line 989 of file options.c.

◆ SHOW_INT64

#define SHOW_INT64 (   var)    SHOW_PARM(var, o->var, "%" PRIi64)

Definition at line 991 of file options.c.

◆ SHOW_PARM

#define SHOW_PARM (   name,
  value,
  format 
)    msg(D_SHOW_PARMS, " " #name " = " format, (value))

Definition at line 983 of file options.c.

◆ SHOW_STR

#define SHOW_STR (   var)    SHOW_PARM(var, (o->var ? o->var : "[UNDEF]"), "'%s'")

Definition at line 984 of file options.c.

◆ SHOW_STR_INLINE

#define SHOW_STR_INLINE (   var)
Value:
SHOW_PARM(var, \
o->var ## _inline ? "[INLINE]" : \
(o->var ? o->var : "[UNDEF]"), \
"'%s'")
SHOW_PARM
#define SHOW_PARM(name, value, format)
Definition options.c:983

Definition at line 985 of file options.c.

◆ SHOW_UINT

#define SHOW_UINT (   var)    SHOW_PARM(var, o->var, "%u")

Definition at line 990 of file options.c.

◆ SHOW_UNSIGNED

#define SHOW_UNSIGNED (   var)    SHOW_PARM(var, o->var, "0x%08x")

Definition at line 992 of file options.c.

◆ TLS_CLIENT

#define TLS_CLIENT   (o->tls_client)

◆ TLS_SERVER

#define TLS_SERVER   (o->tls_server)

◆ USAGE_VALID_SERVER_PROTOS

#define USAGE_VALID_SERVER_PROTOS
Value:
"--mode server currently only supports " \
"--proto values of udp, tcp-server, tcp4-server, or tcp6-server"

◆ VERIFY_PERMISSION

#define VERIFY_PERMISSION (   mask)
Value:
{ \
if (!verify_permission(p[0], file, line, (mask), permission_mask, \
option_types_found, msglevel, options, is_inline)) \
{ \
goto err; \
} \
}
verify_permission
static bool verify_permission(const char *name, const char *file, int line, const unsigned int type, const unsigned int allowed, unsigned int *found, const int msglevel, struct options *options, bool is_inline)
Definition options.c:5682

Definition at line 5673 of file options.c.

Function Documentation

◆ add_option()

static void add_option ( struct options options,
char *  p[],
bool  is_inline,
const char *  file,
int  line,
const int  level,
const int  msglevel,
const unsigned int  permission_mask,
unsigned int *  option_types_found,
struct env_set es 
)
static

Definition at line 5833 of file options.c.

References add_client_nat_to_option_list(), add_route_ipv6_to_option_list(), add_route_to_option_list(), connection_entry::af, remote_entry::af, compress_options::alg, ALLOC_ARRAY_GC, alloc_buf_gc(), alloc_connection_entry(), alloc_local_entry(), alloc_pull_filter(), alloc_remote_entry(), options::allow_deprecated_insecure_static_crypto, options::allow_pull_fqdn, options::allow_recursive_routing, ascii2af(), ascii2ipset(), ascii2keydirection(), ascii2proto(), ASSERT, atoi_warn(), atou(), http_proxy_options::auth_file, http_proxy_options::auth_file_up, http_proxy_options::auth_method_string, http_proxy_options::auth_retry, auth_retry_set(), options::auth_token_call_auth, options::auth_token_generate, options::auth_token_lifetime, options::auth_token_renewal, options::auth_token_secret_file, options::auth_token_secret_file_inline, options::auth_user_pass_file, options::auth_user_pass_file_inline, options::auth_user_pass_verify_script, options::auth_user_pass_verify_script_via_file, options::authname, options::backwards_compatible, connection_entry::bind_defined, options::bind_dev, connection_entry::bind_ipv6_only, connection_entry::bind_local, options::block_ipv6, options::block_outside_dns, BOOL_CAST, BSTR, buf_printf(), options::ca_file, options::ca_file_inline, options::ca_path, options::ccd_exclusive, options::cd_dir, options::ce, options::cert_file, options::cert_file_inline, options::cf_initial_max, options::cf_initial_per, options::cf_max, options::cf_per, static_challenge_info::challenge_text, options::chroot_dir, options::cipher_list, options::cipher_list_tls13, options::ciphername, options::client, options::client_config_dir, options::client_connect_script, options::client_crresponse_script, options::client_disconnect_script, options::client_nat, cnol_check_alloc(), CO_EPOCH_DATA_KEY_FORMAT, CO_USE_CC_EXIT_NOTIFY, CO_USE_DYNAMIC_TLS_CRYPT, CO_USE_TLS_KEY_MATERIAL_EXPORT, options::comp, COMP_ALG_LZ4, COMP_ALG_LZO, COMP_ALG_STUB, COMP_ALG_UNDEF, COMP_ALGV2_LZ4, COMP_ALGV2_UNCOMPRESSED, COMP_F_ADVERTISE_STUBS_ONLY, COMP_F_ALLOW_ASYM, COMP_F_ALLOW_STUB_ONLY, COMP_F_MIGRATE, COMP_F_SWAP, comp_non_stub_enabled(), options::config, options::connect_retry_max, connection_entry::connect_retry_seconds, connection_entry::connect_retry_seconds_max, connection_entry::connect_timeout, connection_entry_load_re(), constrain_int(), http_custom_header::content, options::crl_file, options::crl_file_inline, options::cryptoapi_cert, http_proxy_options::custom_headers, D_PUSH, D_TLS_DEBUG_MED, options::daemon, options::dev, options::dev_node, options::dev_type, options::dh_file, options::dh_file_inline, tuntap_options::dhcp_lease_time, tuntap_options::dhcp_masq_custom_offset, tuntap_options::dhcp_masq_offset, dhcp_option_address_parse(), dhcp_option_dns6_parse(), tuntap_options::dhcp_options, DHCP_OPTIONS_DHCP_OPTIONAL, DHCP_OPTIONS_DHCP_REQUIRED, tuntap_options::dhcp_pre_release, dhcp_release_by_adapter_index(), tuntap_options::dhcp_renew, dhcp_renew_by_adapter_index(), options::disable, options::disable_dco, tuntap_options::disable_nbt, tuntap_options::dns, tuntap_options::dns6, tuntap_options::dns6_len, dns_domain_list_append(), tuntap_options::dns_len, options::dns_options, DNS_SECURITY_NO, DNS_SECURITY_OPTIONAL, DNS_SECURITY_YES, dns_server_addr_parse(), dns_server_get(), dns_server_priority_parse(), DNS_TRANSPORT_HTTPS, DNS_TRANSPORT_PLAIN, DNS_TRANSPORT_TLS, dns_server::dnssec, tuntap_options::domain, tuntap_options::domain_search_list, tuntap_options::domain_search_list_len, dns_server::domains, options::down_pre, options::down_script, options::duplicate_cn, options::ecdh_curve, options::enable_c2c, options::enable_ncp_fallback, options::engine, errors_to_stderr(), es, options::exit_event_initial_state, options::exit_event_name, connection_entry::explicit_exit_notification, EXPORT_KEY_DATA_LABEL, options::extra_certs_file, options::extra_certs_file_inline, options::fast_io, compress_options::flags, static_challenge_info::flags, route_option_list::flags, route_ipv6_option_list::flags, options::force_key_material_export, options::forward_compatible, connection_entry::fragment, connection_entry::fragment_encap, dns_options::gc, options::gc, gc, gc_free(), gc_new(), gc_transfer(), options::genkey, GENKEY_AUTH_TOKEN, options::genkey_extra_data, options::genkey_filename, GENKEY_SECRET, GENKEY_TLS_CRYPTV2_CLIENT, GENKEY_TLS_CRYPTV2_SERVER, options::genkey_type, get_default_gateway(), get_default_gateway_ipv6(), get_ip_addr(), get_ipv6_addr(), get_ipv6_addr_no_netbits(), getaddr(), GETADDR_HOST_ORDER, GETADDR_RESOLVE, options::groupname, options::handshake_window, connection_entry::http_proxy_options, options::http_proxy_override, http_proxy_options::http_version, options::ifconfig_ipv6_local, options::ifconfig_ipv6_netbits, options::ifconfig_ipv6_pool_base, options::ifconfig_ipv6_pool_defined, options::ifconfig_ipv6_pool_netbits, options::ifconfig_ipv6_remote, options::ifconfig_local, options::ifconfig_noexec, options::ifconfig_nowarn, options::ifconfig_pool_defined, options::ifconfig_pool_end, options::ifconfig_pool_netmask, options::ifconfig_pool_persist_filename, options::ifconfig_pool_persist_refresh_freq, options::ifconfig_pool_start, ifconfig_pool_verify_range(), options::ifconfig_remote_netmask, options::ignore_unknown_option, options::imported_protocol_flags, options::inactivity_minimum_bytes, options::inactivity_timeout, init_http_proxy_options_once(), init_options(), http_proxy_options::inline_creds, ip_addr_dotted_quad_safe(), ip_or_dns_addr_safe(), options::ip_remote_hint, tuntap_options::ip_win32_defined, tuntap_options::ip_win32_type, options::ipchange, ipconfig_register_dns(), ipset2ascii_all(), ipv6_addr_safe(), ipv6_addr_safe_hexplusbits(), IPW32_SET_ADAPTIVE, IPW32_SET_ADAPTIVE_DELAY_WINDOW, IPW32_SET_DHCP_MASQ, is_special_addr(), options::keepalive_ping, options::keepalive_timeout, connection_entry::key_direction, options::key_direction, KEY_DIRECTION_BIDIRECTIONAL, options::key_pass_file, options::learn_address_script, buffer::len, connection_entry::link_mtu, connection_entry::link_mtu_defined, options::lladdr, local_entry::local, connection_entry::local_port, connection_entry::local_port_defined, options::log, M_DEBUG_LEVEL, M_ERR, M_FATAL, M_INFO, M_NOPREFIX, M_USAGE, M_WARN, mac_addr_safe(), options::machine_readable_output, options::management_addr, management_auth_token(), options::management_certificate, options::management_client_group, options::management_client_user, management_echo(), options::management_flags, options::management_log_history_cache, options::management_port, options::management_user_pass, options::mark, options::max_clients, MAX_CUSTOM_HTTP_HEADER, max_int(), MAX_PARMS, MAX_PEER_ID, options::max_routes_per_client, MAX_SEQ_BACKTRACK, MAX_TIME_BACKTRACK, MD_SHA1, MD_SHA256, MF_CLIENT_AUTH, MF_CONNECT_AS_CLIENT, MF_EXTERNAL_CERT, MF_EXTERNAL_KEY, MF_EXTERNAL_KEY_DIGEST, MF_EXTERNAL_KEY_NOPADDING, MF_EXTERNAL_KEY_PKCS1PAD, MF_EXTERNAL_KEY_PSSPAD, MF_FORGET_DISCONNECT, MF_HOLD, MF_QUERY_PASSWORDS, MF_QUERY_PROXY, MF_QUERY_REMOTE, MF_SIGNAL, MF_UNIX_SOCK, MF_UP_DOWN, MIN_SEQ_BACKTRACK, MIN_TIME_BACKTRACK, options::mlock, options::mode, MODE_POINT_TO_POINT, MODE_SERVER, msg, options::msg_channel, msglevel_forward_compatible(), connection_entry::mssfix, connection_entry::mssfix_default, connection_entry::mssfix_encap, connection_entry::mssfix_fixed, connection_entry::mtu_discover_type, options::mtu_test, options::mute, options::mute_replay_warnings, options::n_bcast_buf, N_SEARCH_LIST_LEN, http_custom_header::name, provider_list::names, tuntap_options::nbdd, tuntap_options::nbdd_len, options::ncp_ciphers, net_ctx_init(), tuntap_options::netbios_node_type, tuntap_options::netbios_scope, verify_hash_list::next, options::nice, NM_QUOTE_HINT, no_more_than_n_args(), NS_CERT_CHECK_CLIENT, NS_CERT_CHECK_SERVER, options::ns_cert_type, tuntap_options::ntp, tuntap_options::ntp_len, options::occ, connection_entry::occ_mtu, open_syslog(), OPENVPN_8021Q_MAX_VID, OPENVPN_8021Q_MIN_VID, openvpn_exit(), OPENVPN_EXIT_STATUS_GOOD, OPENVPN_KU_REQUIRED, OPT_P_COMP, OPT_P_CONFIG, OPT_P_CONNECTION, OPT_P_DHCPDNS, OPT_P_ECHO, OPT_P_EXPLICIT_NOTIFY, OPT_P_GENERAL, OPT_P_INHERIT, OPT_P_INLINE, OPT_P_INSTANCE, OPT_P_MESSAGES, OPT_P_MTU, OPT_P_NCP, OPT_P_NICE, OPT_P_PEER_ID, OPT_P_PERSIST, OPT_P_PERSIST_IP, OPT_P_PLUGIN, OPT_P_PULL_MODE, OPT_P_PUSH, OPT_P_PUSH_MTU, OPT_P_ROUTE, OPT_P_ROUTE_EXTRAS, OPT_P_SCRIPT, OPT_P_SETENV, OPT_P_SHAPER, OPT_P_SOCKBUF, OPT_P_SOCKFLAGS, OPT_P_TIMER, OPT_P_TLS_PARMS, OPT_P_UP, option_iroute(), option_iroute_ipv6(), OPTION_PARM_SIZE, options::packet_id_file, PAR_ALL, PAR_NCT, parse_hash_fingerprint_multiline(), parse_http_proxy_override(), parse_topology(), parse_windows_driver(), options::peer_id, options::persist_config, options::persist_local_ip, options::persist_mode, options::persist_remote_ip, options::persist_tun, PING_EXIT, options::ping_rec_timeout, options::ping_rec_timeout_action, PING_RESTART, options::ping_send_timeout, options::ping_timer_remote, options::pkcs12_file, options::pkcs12_file_inline, platform_chdir(), options::plugin_list, plugin_option_list_add(), plugin_option_list_new(), local_entry::port, http_proxy_options::port, positive_atoi(), print_default_gateway(), dns_server::priority, options::priv_key_file, options::priv_key_file_inline, local_entry::proto, connection_entry::proto, remote_entry::proto, proto2ascii_all(), options::proto_force, options::providers, PUF_TYPE_ACCEPT, PUF_TYPE_IGNORE, PUF_TYPE_REJECT, options::pull, options::push_continuation, options::push_ifconfig_constraint_defined, options::push_ifconfig_constraint_netmask, options::push_ifconfig_constraint_network, options::push_ifconfig_defined, options::push_ifconfig_ipv6_blocked, options::push_ifconfig_ipv6_defined, options::push_ifconfig_ipv6_local, options::push_ifconfig_ipv6_netbits, options::push_ifconfig_ipv6_remote, options::push_ifconfig_local, options::push_ifconfig_local_alias, options::push_ifconfig_remote_netmask, push_options(), options::push_peer_info, push_remove_option(), push_reset(), options::rcvbuf, read_config_file(), read_config_string(), options::real_hash_size, redirect_stdout_stderr(), tuntap_options::register_dns, remap_redirect_gateway_flags(), options::remap_sigusr1, connection_entry::remote, remote_entry::remote, options::remote_cert_eku, options::remote_cert_ku, connection_entry::remote_float, connection_entry::remote_port, remote_entry::remote_port, options::remote_random, options::renegotiate_bytes, options::renegotiate_packets, options::renegotiate_seconds, options::renegotiate_seconds_min, options::replay_time, options::replay_window, RESOLV_RETRY_INFINITE, options::resolve_in_advance, options::resolve_retry_seconds, RG_AUTO_LOCAL, RG_BLOCK_LOCAL, RG_BYPASS_DHCP, RG_BYPASS_DNS, RG_DEF1, RG_ENABLE, RG_LOCAL, RG_REROUTE_GW, rol6_check_alloc(), rol_check_alloc(), options::route_default_gateway, options::route_default_metric, options::route_delay, options::route_delay_defined, options::route_delay_window, options::route_gateway_via_dhcp, options::route_ipv6_default_gateway, options::route_method, ROUTE_METHOD_ADAPTIVE, ROUTE_METHOD_EXE, ROUTE_METHOD_IPAPI, ROUTE_METHOD_SERVICE, options::route_noexec, options::route_nopull, options::route_predown_script, options::route_script, options::routes, options::routes_ipv6, SC_CONCAT, SC_ECHO, options::sc_info, script_security_set(), SDL_CONSTRAIN, dns_options::search_domains, http_proxy_options::server, options::server_bridge_defined, options::server_bridge_ip, options::server_bridge_netmask, options::server_bridge_pool_end, options::server_bridge_pool_start, options::server_bridge_proxy_dhcp, options::server_defined, options::server_flags, options::server_ipv6_defined, options::server_netbits_ipv6, options::server_netmask, options::server_network, options::server_network_ipv6, dns_options::servers, options::session_timeout, set_debug_level(), set_machine_readable_output(), set_pause_exit_win32(), set_suppress_timestamps(), set_user_script(), set_win_sys_path(), setenv_str(), setenv_str_safe(), SF_HOST_RANDOMIZE, SF_NO_PUSH_ROUTE_GATEWAY, SF_NOPOOL, SF_TCP_NODELAY, SF_TCP_NODELAY_HELPER, SF_USE_IP_PKTINFO, SHA256_DIGEST_LENGTH, SHA_DIGEST_LENGTH, options::shaper, SHAPER_MAX, SHAPER_MIN, options::shared_secret_file, options::shared_secret_file_inline, show_adapters(), options::show_ciphers, show_compression_warning(), options::show_curves, options::show_digests, options::show_engines, options::show_net_up, show_routes(), show_tap_win_adapters(), options::show_tls_ciphers, show_valid_win32_tun_subnets(), options::single_session, sleep, options::sndbuf, dns_server::sni, options::sockflags, connection_entry::socks_proxy_authfile, connection_entry::socks_proxy_port, connection_entry::socks_proxy_server, options::ssl_flags, ssl_set_auth_nocache(), ssl_set_auth_token(), ssl_set_auth_token_user(), SSLF_AUTH_USER_PASS_OPTIONAL, SSLF_CLIENT_CERT_NOT_REQUIRED, SSLF_CLIENT_CERT_OPTIONAL, SSLF_CRL_VERIFY_DIR, SSLF_OPT_VERIFY, SSLF_TLS_DEBUG_ENABLED, SSLF_TLS_VERSION_MAX_MASK, SSLF_TLS_VERSION_MAX_SHIFT, SSLF_TLS_VERSION_MIN_MASK, SSLF_TLS_VERSION_MIN_SHIFT, SSLF_USERNAME_AS_COMMON_NAME, options::stale_routes_ageing_time, options::stale_routes_check_interval, options::status_file, options::status_file_update_freq, options::status_file_version, streq, string_substitute(), options::suppress_timestamps, tap_allow_nonadmin_access(), tuntap_options::tap_sleep, options::tcp_queue_limit, options::test_crypto, connection_entry::tls_auth_file, options::tls_auth_file, connection_entry::tls_auth_file_inline, options::tls_auth_file_inline, options::tls_cert_profile, TLS_CHANNEL_BUF_SIZE, TLS_CHANNEL_MTU_MIN, options::tls_client, connection_entry::tls_crypt_file, options::tls_crypt_file, connection_entry::tls_crypt_file_inline, options::tls_crypt_file_inline, connection_entry::tls_crypt_v2_file, options::tls_crypt_v2_file, connection_entry::tls_crypt_v2_file_inline, options::tls_crypt_v2_file_inline, connection_entry::tls_crypt_v2_force_cookie, options::tls_crypt_v2_verify_script, options::tls_exit, options::tls_export_peer_cert_dir, options::tls_groups, connection_entry::tls_mtu, options::tls_server, options::tls_timeout, TLS_VER_1_2, TLS_VER_BAD, options::tls_verify, tls_version_parse(), options::tmp_dir, options::topology, options::transition_window, translate_mtu_discover_type_name(), dns_server::transport, connection_entry::tun_mtu, connection_entry::tun_mtu_defined, connection_entry::tun_mtu_extra, connection_entry::tun_mtu_extra_defined, connection_entry::tun_mtu_max, options::tuntap_options, uninit_options(), options::up_delay, options::up_restart, options::up_script, usage(), usage_version(), options::use_peer_id, http_proxy_options::user_agent, options::username, valid_integer(), options::verbosity, options::verify_hash, options::verify_hash_algo, options::verify_hash_depth, VERIFY_PERMISSION, options::verify_x509_name, VERIFY_X509_SUBJECT_DN, VERIFY_X509_SUBJECT_RDN, VERIFY_X509_SUBJECT_RDN_PREFIX, options::verify_x509_type, options::virtual_hash_size, options::vlan_accept, VLAN_ALL, VLAN_ONLY_TAGGED, VLAN_ONLY_UNTAGGED_OR_PRIORITY, options::vlan_pvid, options::vlan_tagging, options::windows_driver, tuntap_options::wins, tuntap_options::wins_len, options::writepid, options::x509_track, and x509_track_add().

Referenced by apply_push_options(), parse_argv(), read_config_file(), and read_config_string().

◆ alloc_connection_entry()

static struct connection_entry * alloc_connection_entry ( struct options options,
const int  msglevel 
)
static

Definition at line 2243 of file options.c.

References alloc_connection_list_if_undef(), ALLOC_OBJ_GC, connection_list::array, connection_list::capacity, CONNECTION_LIST_SIZE, options::gc, gc_realloc(), connection_list::len, and msg.

Referenced by add_option(), and options_postprocess_mutate().

◆ alloc_connection_list_if_undef()

static struct connection_list * alloc_connection_list_if_undef ( struct options options)
static

Definition at line 2233 of file options.c.

References ALLOC_OBJ_CLEAR_GC, options::connection_list, and options::gc.

Referenced by alloc_connection_entry().

◆ alloc_local_entry()

static struct local_entry * alloc_local_entry ( struct connection_entry ce,
const int  msglevel,
struct gc_arena gc 
)
static

Definition at line 2211 of file options.c.

References alloc_local_list_if_undef(), ALLOC_OBJ_CLEAR_GC, local_list::array, CONNECTION_LIST_SIZE, gc, local_list::len, msg, local_entry::proto, and PROTO_NONE.

Referenced by add_option(), and options_postprocess_mutate().

◆ alloc_local_list_if_undef()

static struct local_list * alloc_local_list_if_undef ( struct connection_entry ce,
struct gc_arena gc 
)
static

Definition at line 2201 of file options.c.

References ALLOC_OBJ_CLEAR_GC, gc, and connection_entry::local_list.

Referenced by alloc_local_entry().

◆ alloc_pull_filter()

static struct pull_filter * alloc_pull_filter ( struct options o)
static

Definition at line 2309 of file options.c.

References ALLOC_OBJ_CLEAR_GC, alloc_pull_filter_list(), ASSERT, options::gc, pull_filter_list::head, pull_filter::next, and pull_filter_list::tail.

Referenced by add_option().

◆ alloc_pull_filter_list()

static struct pull_filter_list * alloc_pull_filter_list ( struct options o)
static

Definition at line 2299 of file options.c.

References ALLOC_OBJ_CLEAR_GC, options::gc, and options::pull_filter_list.

Referenced by alloc_pull_filter().

◆ alloc_remote_entry()

static struct remote_entry * alloc_remote_entry ( struct options options,
const int  msglevel 
)
static

Definition at line 2276 of file options.c.

References ALLOC_OBJ_GC, alloc_remote_list_if_undef(), remote_list::array, remote_list::capacity, CONNECTION_LIST_SIZE, options::gc, gc_realloc(), remote_list::len, and msg.

Referenced by add_option().

◆ alloc_remote_list_if_undef()

static struct remote_list * alloc_remote_list_if_undef ( struct options options)
static

Definition at line 2266 of file options.c.

References ALLOC_OBJ_CLEAR_GC, options::gc, and options::remote_list.

Referenced by alloc_remote_entry().

◆ apply_pull_filter()

static bool apply_pull_filter ( const struct options o,
char *  line 
)
static

Filter an option line by all pull filters.

If a match is found, the line is modified depending on the filter type, and returns true. If the filter type is reject, SIGUSR1 is triggered and the return value is false. In that case the caller must end the push processing.

Definition at line 5573 of file options.c.

References D_LOW, D_PUSH, pull_filter_list::head, M_WARN, msg, PUF_TYPE_ACCEPT, PUF_TYPE_IGNORE, PUF_TYPE_REJECT, options::pull_filter_list, and throw_signal_soft().

Referenced by apply_push_options().

◆ apply_push_options()

bool apply_push_options ( struct options options,
struct buffer buf,
unsigned int  permission_mask,
unsigned int *  option_types_found,
struct env_set es 
)

Definition at line 5613 of file options.c.

References add_option(), apply_pull_filter(), buf_parse(), CLEAR, D_PUSH_ERRORS, es, options::gc, M_OPTERR, MAX_PARMS, OPTION_PARM_SIZE, parse_line(), and SIZE.

Referenced by process_incoming_push_reply().

◆ atou()

static unsigned int atou ( const char *  str)
static

Definition at line 5061 of file options.c.

Referenced by add_option().

◆ auth_retry_get()

int auth_retry_get ( void  )

Definition at line 4883 of file options.c.

References global_auth_retry.

Referenced by do_init_crypto_tls_c1(), init_instance(), receive_auth_failed(), and socket_restart_pause().

◆ auth_retry_print()

const char * auth_retry_print ( void  )

Definition at line 4912 of file options.c.

References AR_INTERACT, AR_NOINTERACT, AR_NONE, and global_auth_retry.

Referenced by man_dispatch_command().

◆ auth_retry_set()

bool auth_retry_set ( const int  msglevel,
const char *  option 
)

Definition at line 4889 of file options.c.

References AR_INTERACT, AR_NOINTERACT, AR_NONE, global_auth_retry, msg, and streq.

Referenced by add_option(), and man_dispatch_command().

◆ bypass_doubledash()

static void bypass_doubledash ( char **  p)
static

Definition at line 5250 of file options.c.

Referenced by read_config_file(), and read_config_string().

◆ check_ca_required()

static void check_ca_required ( const struct options options)
static

Definition at line 2368 of file options.c.

References options::ca_file, options::ca_path, buffer::len, M_USAGE, msg, options::pkcs12_file, and options::verify_hash_no_ca.

Referenced by options_postprocess_verify_ce().

◆ check_cmd_access()

static bool check_cmd_access ( const char *  command,
const char *  opt,
const char *  chroot 
)
static

Definition at line 4131 of file options.c.

References argv::argv, argv_free(), argv_new(), argv_parse_cmd(), check_file_access_chroot(), CHKACC_FILE, M_NOPREFIX, M_OPTERR, and msg.

Referenced by set_user_script().

◆ check_file_access()

static bool check_file_access ( const int  type,
const char *  file,
const int  mode,
const char *  opt 
)
static

Definition at line 3958 of file options.c.

References CHKACC_ACCEPT_URI, CHKACC_ACPTSTDIN, CHKACC_DIRPATH, CHKACC_FILE, CHKACC_FILEXSTWR, CHKACC_PRIVATE, dirname(), M_ERRNO, M_NOPREFIX, M_OPTERR, M_WARN, msg, platform_access(), platform_stat(), streq, and string_alloc().

Referenced by check_file_access_chroot(), check_file_access_inline(), and options_postprocess_filechecks().

◆ check_file_access_chroot()

static bool check_file_access_chroot ( const char *  chroot,
const int  type,
const char *  file,
const int  mode,
const char *  opt 
)
static

Definition at line 4053 of file options.c.

References BSTR, check_file_access(), gc, gc_free(), gc_new(), buffer::len, and prepend_dir().

Referenced by check_cmd_access(), check_file_access_chroot_inline(), and options_postprocess_filechecks().

◆ check_file_access_chroot_inline()

static bool check_file_access_chroot_inline ( bool  is_inline,
const char *  chroot,
const int  type,
const char *  file,
const int  mode,
const char *  opt 
)
static

A wrapper for check_file_access_chroot() that returns false immediately if the file is inline (and therefore there is no access to check)

Definition at line 4086 of file options.c.

References check_file_access_chroot(), and buffer::len.

Referenced by options_postprocess_filechecks().

◆ check_file_access_inline()

static bool check_file_access_inline ( bool  is_inline,
const int  type,
const char *  file,
const int  mode,
const char *  opt 
)
static

A wrapper for check_file_access() that returns false immediately if the file is inline (and therefore there is no access to check)

Definition at line 4103 of file options.c.

References check_file_access(), and buffer::len.

Referenced by options_postprocess_filechecks().

◆ check_inline_file()

static int check_inline_file ( struct in_src is,
char *  p[],
struct gc_arena gc 
)
static

Definition at line 5337 of file options.c.

References alloc_buf(), BSTR, buf_printf(), free_buf(), gc, buffer::len, read_inline_file(), and string_alloc().

Referenced by check_inline_file_via_buf(), and check_inline_file_via_fp().

◆ check_inline_file_via_buf()

static int check_inline_file_via_buf ( struct buffer multiline,
char *  p[],
struct gc_arena gc 
)
static

Definition at line 5370 of file options.c.

References check_inline_file(), gc, IS_TYPE_BUF, in_src::multiline, in_src::type, and in_src::u.

Referenced by read_config_string().

◆ check_inline_file_via_fp()

static int check_inline_file_via_fp ( FILE *  fp,
char *  p[],
struct gc_arena gc 
)
static

Definition at line 5361 of file options.c.

References check_inline_file(), in_src::fp, gc, IS_TYPE_FP, in_src::type, and in_src::u.

Referenced by read_config_file().

◆ cnol_check_alloc()

static void cnol_check_alloc ( struct options options)
static

Definition at line 1730 of file options.c.

References options::client_nat, options::gc, and new_client_nat_list().

Referenced by add_option(), and pre_connect_restore().

◆ connection_entry_load_re()

static void connection_entry_load_re ( struct connection_entry ce,
const struct remote_entry re 
)
static

Definition at line 2330 of file options.c.

References connection_entry::af, remote_entry::af, connection_entry::proto, remote_entry::proto, connection_entry::remote, remote_entry::remote, connection_entry::remote_port, and remote_entry::remote_port.

Referenced by add_option(), and options_postprocess_mutate().

◆ connection_entry_preload_key()

static void connection_entry_preload_key ( const char **  key_file,
bool *  key_inline,
struct gc_arena gc 
)
static

Definition at line 2351 of file options.c.

References buf_valid(), buffer_read_from_file(), buffer::data, gc, buffer::len, M_FATAL, and msg.

Referenced by options_postprocess_mutate_ce().

◆ dhcp_option_address_parse()

static void dhcp_option_address_parse ( const char *  name,
const char *  parm,
in_addr_t *  array,
int *  len,
int  msglevel 
)
static

Definition at line 1349 of file options.c.

References get_ip_addr(), ip_addr_dotted_quad_safe(), msg, and N_DHCP_ADDR.

Referenced by add_option().

◆ dhcp_option_dns6_parse()

static void dhcp_option_dns6_parse ( const char *  parm,
struct in6_addr *  dns6_list,
int *  len,
int  msglevel 
)
static

Definition at line 1335 of file options.c.

References get_ipv6_addr(), msg, and N_DHCP_ADDR.

Referenced by add_option().

◆ get_ip_addr()

static in_addr_t get_ip_addr ( const char *  ip_string,
int  msglevel,
bool *  error 
)
static

Definition at line 1105 of file options.c.

References getaddr(), GETADDR_FATAL, GETADDR_HOST_ORDER, buffer::len, and M_FATAL.

Referenced by add_option(), and dhcp_option_address_parse().

◆ get_ipv6_addr_no_netbits()

static char * get_ipv6_addr_no_netbits ( const char *  addr,
struct gc_arena gc 
)
static

Returns newly allocated string containing address part without "/nn".

If gc != NULL, the allocated memory is registered in the supplied gc.

Definition at line 1130 of file options.c.

References gc, gc_malloc(), buffer::len, and string_alloc().

Referenced by add_option().

◆ has_tcp_in_local_list()

bool has_tcp_in_local_list ( const struct options options)

Definition at line 9688 of file options.c.

References local_list::array, options::ce, local_list::len, connection_entry::local_list, local_entry::proto, and proto_is_dgram().

◆ has_udp_in_local_list()

bool has_udp_in_local_list ( const struct options options)

Definition at line 9671 of file options.c.

References local_list::array, options::ce, local_list::len, connection_entry::local_list, local_entry::proto, and proto_is_dgram().

Referenced by multi_io_wait(), and multi_process_signal().

◆ in_src_get()

static bool in_src_get ( const struct in_src is,
char *  line,
const int  size 
)
static

Definition at line 5269 of file options.c.

References ASSERT, BOOL_CAST, buf_parse(), IS_TYPE_BUF, IS_TYPE_FP, buffer::len, and status.

Referenced by read_inline_file().

◆ init_options()

void init_options ( struct options o,
const bool  init_gc 
)

Definition at line 803 of file options.c.

References connection_entry::af, options::allow_recursive_routing, options::auth_token_generate, options::authname, connection_entry::bind_ipv6_only, connection_entry::bind_local, options::block_outside_dns, options::ce, options::cf_initial_max, options::cf_initial_per, CLEAR, options::connect_retry_max, connection_entry::connect_retry_seconds, connection_entry::connect_retry_seconds_max, connection_entry::connect_timeout, DEFAULT_SEQ_BACKTRACK, DEFAULT_TIME_BACKTRACK, tuntap_options::dhcp_lease_time, tuntap_options::dhcp_masq_offset, options::disable_dco, options::dns_options, options::ecdh_curve, dns_options::gc, options::gc, gc_init(), options::gc_owned, options::handshake_window, options::ifconfig_pool_persist_refresh_freq, tuntap_options::ip_win32_type, IPW32_SET_ADAPTIVE, IPW32_SET_DHCP_MASQ, options::key_direction, KEY_DIRECTION_BIDIRECTIONAL, connection_entry::link_mtu, LINK_MTU_DEFAULT, connection_entry::local_port, M_USAGE, options::management_echo_buffer_size, options::management_log_history_cache, options::management_state_buffer_size, options::max_clients, options::max_routes_per_client, options::mode, MODE_POINT_TO_POINT, msg, connection_entry::mssfix, connection_entry::mssfix_default, connection_entry::mssfix_encap, connection_entry::mtu_discover_type, options::n_bcast_buf, options::occ, connection_entry::occ_mtu, OPENVPN_PORT, options::persist_mode, connection_entry::proto, options::proto_force, PROTO_UDP, options::real_hash_size, connection_entry::remote_port, options::renegotiate_bytes, options::renegotiate_seconds, options::renegotiate_seconds_min, options::replay_time, options::replay_window, RESOLV_RETRY_INFINITE, options::resolve_in_advance, options::resolve_retry_seconds, options::route_delay_window, options::route_method, ROUTE_METHOD_ADAPTIVE, options::scheduled_exit_interval, options::stale_routes_check_interval, options::status_file_update_freq, options::status_file_version, options::tcp_queue_limit, options::tls_cert_profile, connection_entry::tls_mtu, TLS_MTU_DEFAULT, options::tls_timeout, options::tmp_dir, TOP_UNDEF, options::topology, options::transition_window, connection_entry::tun_mtu, TUN_MTU_DEFAULT, options::tuntap_options, options::verbosity, options::virtual_hash_size, options::vlan_accept, VLAN_ALL, options::vlan_pvid, win_get_tempdir(), options::windows_driver, WINDOWS_DRIVER_UNSPECIFIED, and X509_USERNAME_FIELD_DEFAULT.

Referenced by add_option(), openvpn_main(), options_postprocess_verify_ce(), and usage().

◆ ipv6_addr_safe_hexplusbits()

static bool ipv6_addr_safe_hexplusbits ( const char *  ipv6_prefix_spec)
static

Definition at line 1148 of file options.c.

References get_ipv6_addr(), and M_WARN.

Referenced by add_option().

◆ key_is_external()

bool key_is_external ( const struct options options)

Definition at line 5818 of file options.c.

References options::cryptoapi_cert, options::management_flags, and MF_EXTERNAL_KEY.

Referenced by init_ssl().

◆ msglevel_forward_compatible()

static int msglevel_forward_compatible ( struct options options,
const int  msglevel 
)
inlinestatic

Definition at line 5770 of file options.c.

References options::forward_compatible, and M_WARN.

Referenced by add_option().

◆ need_compatibility_before()

static bool need_compatibility_before ( const struct options o,
unsigned int  version 
)
static

The option –compat-mode is used to set up default settings to values used on the specified openvpn version and earlier.

This function is used in various "default option" paths to test if the user requested compatibility with a version before the one specified as argument. This way some default settings can be automatically altered to guarantee compatibility with the version specified by the user via –compat-mode.

Parameters
versionneed compatibility with openvpn versions before the one specified (20401 = before 2.4.1)
Returns
whether compatibility should be enabled

Definition at line 3644 of file options.c.

References options::backwards_compatible.

Referenced by options_set_backwards_compatible_options().

◆ no_more_than_n_args()

static bool no_more_than_n_args ( const int  msglevel,
char *  p[],
const int  max,
const unsigned int  flags 
)
static

Definition at line 5742 of file options.c.

References msg, NM_QUOTE_HINT, and string_array_len().

Referenced by add_option().

◆ notnull()

void notnull ( const char *  arg,
const char *  description 
)

Definition at line 5030 of file options.c.

References M_USAGE, and msg.

Referenced by do_persist_tuntap(), options_postprocess_mutate(), and options_postprocess_verify_ce().

◆ option_iroute()

static void option_iroute ( struct options o,
const char *  network_str,
const char *  netmask_str,
int  msglevel 
)
static

Definition at line 1621 of file options.c.

References ALLOC_OBJ_GC, options::gc, getaddr(), GETADDR_HOST_ORDER, options::iroutes, msg, iroute::netbits, netmask_to_netbits2(), iroute::network, and iroute::next.

Referenced by add_option().

◆ option_iroute_ipv6()

static void option_iroute_ipv6 ( struct options o,
const char *  prefix_str,
int  msglevel 
)
static

Definition at line 1651 of file options.c.

References ALLOC_OBJ_GC, options::gc, get_ipv6_addr(), options::iroutes_ipv6, msg, iroute_ipv6::netbits, iroute_ipv6::network, and iroute_ipv6::next.

Referenced by add_option().

◆ options_cmp_equal()

bool options_cmp_equal ( char *  actual,
const char *  expected 
)

Definition at line 4587 of file options.c.

References options_cmp_equal_safe().

Referenced by key_method_2_read().

◆ options_cmp_equal_safe()

bool options_cmp_equal_safe ( char *  actual,
const char *  expected,
size_t  actual_n 
)

Definition at line 4729 of file options.c.

References D_SHOW_OCC, gc, gc_free(), gc_new(), msg, and options_warning_safe_ml().

Referenced by options_cmp_equal(), and process_received_occ_msg().

◆ options_detach()

void options_detach ( struct options o)

Definition at line 1703 of file options.c.

References options::client_nat, clone_push_list(), options::gc, gc_detach(), and options::routes.

Referenced by do_test_crypto(), inherit_context_child(), and inherit_context_top().

◆ options_postprocess()

void options_postprocess ( struct options options,
struct env_set es 
)

Definition at line 4296 of file options.c.

References es, options_postprocess_filechecks(), options_postprocess_mutate(), and options_postprocess_verify().

Referenced by openvpn_main().

◆ options_postprocess_cipher()

static void options_postprocess_cipher ( struct options o)
static

Definition at line 3587 of file options.c.

References options::ciphername, options::enable_ncp_fallback, M_INFO, M_WARN, options::mode, MODE_SERVER, msg, options::ncp_ciphers, options::ncp_ciphers_conf, options::pull, and tls_item_in_cipher_list().

Referenced by options_postprocess_mutate().

◆ options_postprocess_filechecks()

static void options_postprocess_filechecks ( struct options options)
static

Definition at line 4172 of file options.c.

References connection_list::array, ASSERT, options::auth_user_pass_file, options::auth_user_pass_file_inline, options::ca_file, options::ca_file_inline, options::ca_path, options::cert_file, options::cert_file_inline, check_file_access(), check_file_access_chroot(), check_file_access_chroot_inline(), check_file_access_inline(), CHKACC_ACCEPT_URI, CHKACC_ACPTSTDIN, CHKACC_DIRPATH, CHKACC_FILE, CHKACC_FILEXSTWR, CHKACC_PRIVATE, options::chroot_dir, options::client_config_dir, options::connection_list, options::crl_file, options::crl_file_inline, options::dh_file, options::dh_file_inline, options::extra_certs_file, options::key_pass_file, connection_list::len, M_USAGE, options::management_flags, options::management_user_pass, MF_EXTERNAL_KEY, msg, options::packet_id_file, options::pkcs12_file, options::pkcs12_file_inline, options::priv_key_file, options::priv_key_file_inline, options::shared_secret_file, options::shared_secret_file_inline, options::ssl_flags, SSLF_CRL_VERIFY_DIR, options::status_file, connection_entry::tls_auth_file, connection_entry::tls_auth_file_inline, connection_entry::tls_crypt_file, connection_entry::tls_crypt_file_inline, connection_entry::tls_crypt_v2_file, connection_entry::tls_crypt_v2_file_inline, options::tls_export_peer_cert_dir, options::tmp_dir, options::verify_hash_no_ca, and options::writepid.

Referenced by options_postprocess().

◆ options_postprocess_http_proxy_override()

static void options_postprocess_http_proxy_override ( struct options o)
static

Definition at line 2167 of file options.c.

References connection_list::array, CE_DISABLED, connection_entry::flags, connection_entry::http_proxy_options, options::http_proxy_override, connection_list::len, M_WARN, msg, connection_entry::proto, PROTO_TCP, PROTO_TCP_CLIENT, and PROTO_UDP.

Referenced by options_postprocess_mutate().

◆ options_postprocess_mutate()

static void options_postprocess_mutate ( struct options o,
struct env_set es 
)
static

Definition at line 3748 of file options.c.

References alloc_connection_entry(), alloc_local_entry(), local_list::array, connection_list::array, remote_list::array, ASSERT, options::auth_token_generate, options::auth_token_renewal, options::ca_file, options::ca_path, options::ce, check_compression_settings_valid(), options::comp, COMP_F_ALLOW_NOCOMP_ONLY, options::config, connection_entry_load_re(), options::connection_list, D_DCO, dco_check_option(), dco_check_startup_option(), dco_enabled(), options::dev_node, options::dh_file, options::disable_dco, options::dns_options, dns_options_preprocess_pull(), DRIVER_DCO, es, compress_options::flags, options::gc, helper_client_server(), helper_keepalive(), helper_setdefault_topology(), helper_tcp_nodelay(), options::http_proxy_override, local_list::len, connection_list::len, remote_list::len, connection_entry::local_list, connection_entry::local_port, M_INFO, M_USAGE, M_WARN, options::mode, msg, mutate_ncp_cipher_list(), options::ncp_ciphers, notnull(), options_postprocess_cipher(), options_postprocess_http_proxy_override(), options_postprocess_mutate_ce(), options_postprocess_mutate_invariant(), options_postprocess_mutate_le(), options_postprocess_setdefault_ncpciphers(), options_process_mutate_prf(), options_set_backwards_compatible_options(), local_entry::port, pre_connect_save(), local_entry::proto, connection_entry::proto, PROTO_NONE, PROTO_TCP, PROTO_TCP_SERVER, options::pull, options::remap_sigusr1, remote_entry::remote, options::remote_list, options::renegotiate_seconds, streq, options::tls_server, tuntap_options_copy_dns(), options::verify_hash, options::verify_hash_depth, options::verify_hash_no_ca, options::windows_driver, WINDOWS_DRIVER_TAP_WINDOWS6, and WINDOWS_DRIVER_UNSPECIFIED.

Referenced by options_postprocess().

◆ options_postprocess_mutate_ce()

static void options_postprocess_mutate_ce ( struct options o,
struct connection_entry ce 
)
static

Definition at line 3189 of file options.c.

References connection_entry::af, connection_entry::bind_defined, connection_entry::bind_local, options::ce, CE_DISABLED, connection_entry_preload_key(), options::dev, options::dev_type, dev_type_enum(), DEV_TYPE_TAP, connection_entry::explicit_exit_notification, connection_entry::flags, connection_entry::fragment, options::gc, connection_entry::http_proxy_options, connection_entry::key_direction, options::key_direction, connection_entry::link_mtu_defined, connection_entry::local_list, connection_entry::local_port, connection_entry::local_port_defined, M_INFO, M_WARN, options::mode, MODE_SERVER, msg, connection_entry::mssfix, MSSFIX_DEFAULT, connection_entry::mssfix_default, connection_entry::mssfix_encap, connection_entry::mssfix_fixed, http_proxy_options::nocache, connection_entry::proto, options::proto_force, proto_is_udp(), PROTO_TCP, PROTO_TCP_CLIENT, PROTO_TCP_SERVER, PROTO_UDP, options::pull, options::server_bridge_defined, options::server_bridge_proxy_dhcp, options::server_defined, connection_entry::socks_proxy_server, ssl_get_auth_nocache(), TAP_MTU_EXTRA_DEFAULT, connection_entry::tls_auth_file, options::tls_auth_file, connection_entry::tls_auth_file_inline, options::tls_auth_file_inline, connection_entry::tls_crypt_file, options::tls_crypt_file, connection_entry::tls_crypt_file_inline, options::tls_crypt_file_inline, connection_entry::tls_crypt_v2_file, options::tls_crypt_v2_file, connection_entry::tls_crypt_v2_file_inline, options::tls_crypt_v2_file_inline, connection_entry::tun_mtu, TUN_MTU_DEFAULT, connection_entry::tun_mtu_defined, connection_entry::tun_mtu_extra, and connection_entry::tun_mtu_extra_defined.

Referenced by options_postprocess_mutate().

◆ options_postprocess_mutate_invariant()

static void options_postprocess_mutate_invariant ( struct options options)
static

Definition at line 3496 of file options.c.

References options::dev, options::dev_type, dev_type_enum(), DEV_TYPE_TAP, DEV_TYPE_TUN, DRIVER_DCO, options::ifconfig_noexec, tuntap_options::ip_win32_type, IPW32_SET_ADAPTIVE, IPW32_SET_DHCP_MASQ, IPW32_SET_MANUAL, IPW32_SET_NETSH, options::mode, MODE_POINT_TO_POINT, MODE_SERVER, remap_redirect_gateway_flags(), options::route_delay, options::route_delay_defined, tuntap_options::tap_sleep, options::tuntap_options, options::windows_driver, and WINDOWS_DRIVER_WINTUN.

Referenced by options_postprocess_mutate().

◆ options_postprocess_mutate_le()

static void options_postprocess_mutate_le ( struct connection_entry ce,
struct local_entry le,
int  mode 
)
static

Definition at line 3349 of file options.c.

References connection_entry::local_port, MODE_POINT_TO_POINT, local_entry::port, local_entry::proto, and connection_entry::proto.

Referenced by options_postprocess_mutate().

◆ options_postprocess_pull()

bool options_postprocess_pull ( struct options o,
struct env_set es 
)

Definition at line 4310 of file options.c.

References D_PUSH_ERRORS, options::dns_options, dns_options_postprocess_pull(), dns_options_verify(), es, setenv_dns_options(), and tuntap_options_copy_dns().

Referenced by incoming_push_message().

◆ options_postprocess_verify()

static void options_postprocess_verify ( const struct options o)
static

Definition at line 3561 of file options.c.

References connection_list::array, options::ce, options::connection_list, dco_enabled(), options::dns_options, dns_options_verify(), options::enable_c2c, connection_list::len, M_FATAL, M_WARN, msg, and options_postprocess_verify_ce().

Referenced by options_postprocess().

◆ options_postprocess_verify_ce()

static void options_postprocess_verify_ce ( const struct options options,
const struct connection_entry ce 
)
static

Definition at line 2390 of file options.c.

References options::allow_deprecated_insecure_static_crypto, options::allow_recursive_routing, local_list::array, connection_list::array, options::auth_token_generate, options::auth_token_renewal, options::auth_user_pass_file, options::auth_user_pass_verify_script, connection_entry::bind_defined, connection_entry::bind_local, options::ca_path, options::ccd_exclusive, options::ce, options::cert_file, options::cf_max, options::cf_per, check_ca_required(), options::client_config_dir, options::client_connect_script, options::client_crresponse_script, options::client_disconnect_script, options::connection_list, options::cryptoapi_cert, options::dev, options::dev_type, dev_type_enum(), DEV_TYPE_TAP, DEV_TYPE_TUN, DEV_TYPE_UNDEF, tuntap_options::dhcp_options, DHCP_OPTIONS_DHCP_REQUIRED, options::duplicate_cn, options::enable_c2c, route_option_list::flags, options::force_key_material_export, connection_entry::fragment, options::handshake_window, connection_entry::http_proxy_options, options::ifconfig_ipv6_local, options::ifconfig_ipv6_pool_defined, options::ifconfig_local, options::ifconfig_pool_defined, options::ifconfig_pool_netmask, options::ifconfig_pool_persist_filename, options::ifconfig_remote_netmask, init_options(), tuntap_options::ip_win32_defined, tuntap_options::ip_win32_type, options::ipchange, IPW32_SET_ADAPTIVE, IPW32_SET_DHCP_MASQ, options::learn_address_script, local_list::len, connection_list::len, connection_entry::link_mtu_defined, options::lladdr, local_entry::local, connection_entry::local_list, connection_entry::local_port_defined, M_FATAL, M_INFO, M_USAGE, M_WARN, MAN_CLIENT_AUTH_ENABLED, options::management_addr, options::management_client_group, options::management_client_user, options::management_flags, options::management_log_history_cache, options::management_user_pass, MF_EXTERNAL_CERT, MF_EXTERNAL_KEY, MF_EXTERNAL_KEY_NOPADDING, MF_UNIX_SOCK, options::mode, MODE_SERVER, msg, options::mtu_test, MUST_BE_UNDEF, notnull(), pkcs11_id_management, options::pkcs12_file, PLUGIN_OPTION_LIST, local_entry::port, print_tun_backend_driver(), options::priv_key_file, local_entry::proto, connection_entry::proto, proto_is_dgram(), proto_is_net(), proto_is_udp(), PROTO_TCP, PROTO_TCP_CLIENT, PROTO_TCP_SERVER, options::pull, options::pull_filter_list, push_peer_info(), options::real_hash_size, connection_entry::remote, connection_entry::remote_port, options::renegotiate_seconds, RG_ENABLE, options::route_delay_defined, options::routes, http_proxy_options::server, options::server_flags, SF_TCP_NODELAY_HELPER, options::shaper, options::shared_secret_file, connection_entry::socks_proxy_server, options::ssl_flags, SSLF_AUTH_USER_PASS_OPTIONAL, SSLF_CLIENT_CERT_NOT_REQUIRED, SSLF_CLIENT_CERT_OPTIONAL, SSLF_OPT_VERIFY, SSLF_TLS_VERSION_MAX_MASK, SSLF_TLS_VERSION_MAX_SHIFT, SSLF_TLS_VERSION_MIN_MASK, SSLF_TLS_VERSION_MIN_SHIFT, SSLF_USERNAME_AS_COMMON_NAME, options::stale_routes_check_interval, string_defined_equal(), options::test_crypto, connection_entry::tls_auth_file, options::tls_client, connection_entry::tls_crypt_file, connection_entry::tls_crypt_v2_file, options::tls_server, TLS_VER_1_3, tls_verify(), tls_version_max(), TOP_SUBNET, options::topology, connection_entry::tun_mtu_defined, options::tuntap_options, uninit_options(), options::up_delay, USAGE_VALID_SERVER_PROTOS, options::virtual_hash_size, options::vlan_accept, options::vlan_pvid, options::vlan_tagging, options::windows_driver, WINDOWS_DRIVER_TAP_WINDOWS6, and WINDOWS_DRIVER_WINTUN.

Referenced by options_postprocess_verify().

◆ options_process_mutate_prf()

static void options_process_mutate_prf ( struct options o)
static

Definition at line 3724 of file options.c.

References check_tls_prf_working(), D_TLS_ERRORS, options::force_key_material_export, M_FATAL, M_WARN, options::mode, MODE_SERVER, and msg.

Referenced by options_postprocess_mutate().

◆ options_server_import()

void options_server_import ( struct options o,
const char *  filename,
int  msglevel,
unsigned int  permission_mask,
unsigned int *  option_types_found,
struct env_set es 
)

Definition at line 5643 of file options.c.

References D_PUSH, es, msg, and read_config_file().

Referenced by multi_client_connect_post().

◆ options_set_backwards_compatible_options()

static void options_set_backwards_compatible_options ( struct options o)
static

Changes default values so that OpenVPN can be compatible with the user specified version.

Definition at line 3654 of file options.c.

References append_cipher_to_ncp_list(), options::ciphername, options::comp, COMP_F_ADVERTISE_STUBS_ONLY, COMP_F_ALLOW_NOCOMP_ONLY, COMP_F_ALLOW_STUB_ONLY, comp_non_stub_enabled(), options::enable_ncp_fallback, compress_options::flags, options::ncp_ciphers, need_compatibility_before(), options::ssl_flags, SSLF_TLS_VERSION_MAX_MASK, SSLF_TLS_VERSION_MAX_SHIFT, SSLF_TLS_VERSION_MIN_MASK, SSLF_TLS_VERSION_MIN_SHIFT, tls_item_in_cipher_list(), TLS_VER_1_0, and TLS_VER_1_2.

Referenced by options_postprocess_mutate().

◆ options_string()

char * options_string ( const struct options o,
const struct frame frame,
struct tuntap tt,
openvpn_net_ctx_t ctx,
bool  remote,
struct gc_arena gc 
)

Definition at line 4368 of file options.c.

References alloc_buf(), ASSERT, options::authname, BSTR, buf_printf(), calc_options_string_link_mtu(), options::ce, key_type::cipher, cipher_defined(), cipher_kt_key_size(), cipher_kt_name(), options::ciphername, COMP_ALG_UNDEF, dev_type_string(), key_type::digest, gc, ifconfig_options_string(), init_key_type(), init_tun(), KEY_METHOD_2, keydirection2ascii(), buffer::len, md_kt_name(), MODE_POINT_TO_POINT, options::ncp_ciphers, OPTION_LINE_SIZE, proto_remote(), PULL_DEFINED, options::shared_secret_file, connection_entry::tls_auth_file, TLS_CLIENT, tls_item_in_cipher_list(), TLS_SERVER, and frame::tun_mtu.

Referenced by do_compute_occ_strings(), and options_string_extract_option().

◆ options_string_extract_option()

char * options_string_extract_option ( const char *  options_string,
const char *  opt_name,
struct gc_arena gc 
)

Given an OpenVPN options string, extract the value of an option.

Parameters
options_stringZero-terminated, comma-separated options string
opt_nameThe name of the option to extract
gcThe gc to allocate the return value
Returns
gc-allocated value of option with name opt_name if option was found, or NULL otherwise.

Definition at line 4766 of file options.c.

References gc, gc_malloc(), buffer::len, and options_string().

Referenced by key_method_2_read().

◆ options_string_import()

void options_string_import ( struct options options,
const char *  config,
const int  msglevel,
const unsigned int  permission_mask,
unsigned int *  option_types_found,
struct env_set es 
)

Definition at line 5663 of file options.c.

References es, and read_config_string().

Referenced by multi_client_connect_mda(), multi_client_connect_post_plugin(), and open_plugins().

◆ options_string_version()

const char * options_string_version ( const char *  s,
struct gc_arena gc 
)

Definition at line 4758 of file options.c.

References alloc_buf_gc(), BPTR, BSTR, gc, and strncpynt().

Referenced by do_compute_occ_strings().

◆ options_warning()

void options_warning ( char *  actual,
const char *  expected 
)

Definition at line 4593 of file options.c.

References options_warning_safe().

Referenced by key_method_2_read().

◆ options_warning_extract_parm1()

static const char * options_warning_extract_parm1 ( const char *  option_string,
struct gc_arena gc_ret 
)
static

Definition at line 4599 of file options.c.

References buf_parse(), gc, gc_free(), gc_malloc(), gc_new(), buffer::len, OPTION_PARM_SIZE, string_alloc(), and string_alloc_buf().

Referenced by options_warning_safe_scan2().

◆ options_warning_safe()

void options_warning_safe ( char *  actual,
const char *  expected,
size_t  actual_n 
)

Definition at line 4752 of file options.c.

References D_SHOW_OCC, and options_warning_safe_ml().

Referenced by options_warning(), and process_received_occ_msg().

◆ options_warning_safe_ml()

static void options_warning_safe_ml ( const int  msglevel,
char *  actual,
const char *  expected,
size_t  actual_n 
)
static

Definition at line 4703 of file options.c.

References alloc_buf_gc(), buf_printf(), gc, gc_free(), gc_new(), buffer::len, OPTION_PARM_SIZE, and options_warning_safe_scan1().

Referenced by options_cmp_equal_safe(), and options_warning_safe().

◆ options_warning_safe_scan1()

static void options_warning_safe_scan1 ( const int  msglevel,
const int  delim,
const bool  report_inconsistent,
const struct buffer b1_src,
const struct buffer b2_src,
const char *  b1_name,
const char *  b2_name 
)
static

Definition at line 4682 of file options.c.

References buf_parse(), gc, gc_free(), gc_malloc(), gc_new(), buffer::len, OPTION_PARM_SIZE, and options_warning_safe_scan2().

Referenced by options_warning_safe_ml().

◆ options_warning_safe_scan2()

static void options_warning_safe_scan2 ( const int  msglevel,
const int  delim,
const bool  report_inconsistent,
const char *  p1,
const struct buffer b2_src,
const char *  b1_name,
const char *  b2_name 
)
static

Definition at line 4614 of file options.c.

References buf_parse(), gc, gc_free(), gc_malloc(), gc_new(), buffer::len, msg, OPTION_PARM_SIZE, options_warning_extract_parm1(), safe_print(), streq, and strprefix().

Referenced by options_warning_safe_scan1().

◆ parse_argv()

void parse_argv ( struct options options,
const int  argc,
char *  argv[],
const int  msglevel,
const unsigned int  permission_mask,
unsigned int *  option_types_found,
struct env_set es 
)

Definition at line 5500 of file options.c.

References add_option(), CLEAR, es, buffer::len, MAX_PARMS, msg, and usage().

Referenced by openvpn_main().

◆ parse_hash_fingerprint()

static struct verify_hash_list * parse_hash_fingerprint ( const char *  str,
int  nbytes,
int  msglevel,
struct gc_arena gc 
)
static

Parses a hexstring and checks if the string has the correct length.

Return a verify_hash_list containing the parsed hash string.

Parameters
strString to check/parse
nbytesNumber of bytes expected in the hexstr (e.g. 20 for SHA1)
msglevelmessage level to use when printing warnings/errors
gcThe returned object will be allocated in this gc

Definition at line 1186 of file options.c.

References ALLOC_OBJ_CLEAR_GC, gc, verify_hash_list::hash, and msg.

Referenced by parse_hash_fingerprint_multiline().

◆ parse_hash_fingerprint_multiline()

static struct verify_hash_list * parse_hash_fingerprint_multiline ( const char *  str,
int  nbytes,
int  msglevel,
struct gc_arena gc 
)
static

Parses a string consisting of multiple lines of hexstrings and checks if each string has the correct length.

Empty lines are ignored. Returns a linked list of (possibly) multiple verify_hash_list objects.

Parameters
strString to check/parse
nbytesNumber of bytes expected in the hexstring (e.g. 20 for SHA1)
msglevelmessage level to use when printing warnings/errors
gcThe returned list items will be allocated in this gc

Definition at line 1240 of file options.c.

References gc, gc_free(), gc_new(), verify_hash_list::hash, parse_hash_fingerprint(), string_alloc(), and strsep().

Referenced by add_option().

◆ parse_http_proxy_override()

static struct http_proxy_options * parse_http_proxy_override ( const char *  server,
const char *  port,
const char *  flags,
struct gc_arena gc 
)
static

Definition at line 2137 of file options.c.

References ALLOC_OBJ_CLEAR_GC, http_proxy_options::auth_retry, gc, http_proxy_options::http_version, PAR_ALL, PAR_NCT, http_proxy_options::port, http_proxy_options::server, string_alloc(), and http_proxy_options::user_agent.

Referenced by add_option().

◆ parse_line()

int parse_line ( const char *  line,
char *  p[],
const int  n,
const char *  file,
const int  line_num,
int  msglevel,
struct gc_arena gc 
)

Definition at line 5076 of file options.c.

References gc, gc_malloc(), M_INFO, M_MSG_VIRT_OUT, M_NOPREFIX, msg, OPTION_PARM_SIZE, SIZE, and space().

Referenced by apply_push_options(), argv_parse_cmd(), make_arg_array(), man_process_command(), read_config_file(), read_config_string(), and remove_iroutes_from_push_route_list().

◆ parse_topology()

int parse_topology ( const char *  str,
const int  msglevel 
)

Definition at line 4833 of file options.c.

References buffer::len, msg, streq, TOP_NET30, TOP_P2P, TOP_SUBNET, and TOP_UNDEF.

Referenced by add_option().

◆ parse_windows_driver()

static enum tun_driver_type parse_windows_driver ( const char *  str,
const int  msglevel 
)
static

Parses –windows-driver config option.

Parameters
strvalue of –windows-driver option
msglevelmsglevel to report parsing error
Returns
enum tun_driver_type driver type, WINDOWS_DRIVER_UNSPECIFIED on unknown –windows-driver value

Definition at line 4804 of file options.c.

References DRIVER_DCO, buffer::len, msg, streq, WINDOWS_DRIVER_TAP_WINDOWS6, WINDOWS_DRIVER_UNSPECIFIED, and WINDOWS_DRIVER_WINTUN.

Referenced by add_option().

◆ pre_connect_restore()

void pre_connect_restore ( struct options o,
struct gc_arena gc 
)

Definition at line 3427 of file options.c.

References options_pre_connect::authname, options::authname, options_pre_connect::ciphername, options::ciphername, CLEAR, options_pre_connect::client_nat, options::client_nat, options_pre_connect::client_nat_defined, clone_dns_options(), cnol_check_alloc(), options_pre_connect::comp, options::comp, copy_client_nat_option_list(), copy_route_ipv6_option_list(), copy_route_option_list(), options_pre_connect::dns_options, options::dns_options, options_pre_connect::foreign_option_index, options::foreign_option_index, dns_options::gc, gc, gc_free(), gc_new(), options::imported_protocol_flags, options_pre_connect::ping_rec_timeout, options::ping_rec_timeout, options_pre_connect::ping_rec_timeout_action, options::ping_rec_timeout_action, options_pre_connect::ping_send_timeout, options::ping_send_timeout, options::pre_connect, options::push_continuation, options::push_option_types_found, rol6_check_alloc(), rol_check_alloc(), options_pre_connect::route_default_gateway, options::route_default_gateway, options_pre_connect::route_ipv6_default_gateway, options::route_ipv6_default_gateway, options_pre_connect::routes, options::routes, options_pre_connect::routes_defined, options_pre_connect::routes_ipv6, options::routes_ipv6, options_pre_connect::routes_ipv6_defined, options_pre_connect::tuntap_options, options::tuntap_options, and options_pre_connect::tuntap_options_defined.

Referenced by init_instance().

◆ pre_connect_save()

static void pre_connect_save ( struct options o)
static

Definition at line 3385 of file options.c.

References ALLOC_OBJ_CLEAR_GC, options_pre_connect::authname, options::authname, options_pre_connect::ciphername, options::ciphername, options_pre_connect::client_nat, options::client_nat, options_pre_connect::client_nat_defined, clone_client_nat_option_list(), clone_dns_options(), clone_route_ipv6_option_list(), clone_route_option_list(), options_pre_connect::comp, options::comp, options_pre_connect::dns_options, options::dns_options, options_pre_connect::foreign_option_index, options::foreign_option_index, options::gc, options_pre_connect::ping_rec_timeout, options::ping_rec_timeout, options_pre_connect::ping_rec_timeout_action, options::ping_rec_timeout_action, options_pre_connect::ping_send_timeout, options::ping_send_timeout, options::pre_connect, options_pre_connect::route_default_gateway, options::route_default_gateway, options_pre_connect::route_ipv6_default_gateway, options::route_ipv6_default_gateway, options_pre_connect::routes, options::routes, options_pre_connect::routes_defined, options_pre_connect::routes_ipv6, options::routes_ipv6, options_pre_connect::routes_ipv6_defined, options_pre_connect::tuntap_options, options::tuntap_options, and options_pre_connect::tuntap_options_defined.

Referenced by options_postprocess_mutate().

◆ print_topology()

const char * print_topology ( const int  topology)

Definition at line 4855 of file options.c.

References TOP_NET30, TOP_P2P, TOP_SUBNET, and TOP_UNDEF.

Referenced by do_ifconfig_ipv4(), and print_opt_topology().

◆ print_vlan_accept()

static const char * print_vlan_accept ( enum vlan_acceptable_frames  mode)
static

Definition at line 1522 of file options.c.

References VLAN_ALL, VLAN_ONLY_TAGGED, and VLAN_ONLY_UNTAGGED_OR_PRIORITY.

Referenced by show_p2mp_parms().

◆ pull_filter_type_name()

static const char * pull_filter_type_name ( int  type)
static

Definition at line 963 of file options.c.

References PUF_TYPE_ACCEPT, PUF_TYPE_IGNORE, PUF_TYPE_REJECT, and pull_filter::type.

Referenced by show_pull_filter_list().

◆ read_config_file()

static void read_config_file ( struct options options,
const char *  file,
int  level,
const char *  top_file,
const int  top_line,
const int  msglevel,
const unsigned int  permission_mask,
unsigned int *  option_types_found,
struct env_set es 
)
static

Definition at line 5392 of file options.c.

References add_option(), bypass_doubledash(), check_inline_file_via_fp(), CLEAR, es, in_src::fp, options::gc, MAX_PARMS, msg, OPTION_LINE_SIZE, parse_line(), platform_fopen(), secure_memzero(), SIZE, and streq.

Referenced by add_option(), and options_server_import().

◆ read_config_string()

static void read_config_string ( const char *  prefix,
struct options options,
const char *  config,
const int  msglevel,
const unsigned int  permission_mask,
unsigned int *  option_types_found,
struct env_set es 
)
static

Definition at line 5467 of file options.c.

References add_option(), buf_parse(), buf_set_read(), bypass_doubledash(), check_inline_file_via_buf(), CLEAR, es, options::gc, buffer::len, MAX_PARMS, OPTION_LINE_SIZE, parse_line(), secure_memzero(), and SIZE.

Referenced by add_option(), and options_string_import().

◆ read_inline_file()

static char * read_inline_file ( struct in_src is,
const char *  close_tag,
int *  num_lines,
struct gc_arena gc 
)
static

Definition at line 5292 of file options.c.

References alloc_buf(), ASSERT, BSTR, buf_clear(), buf_copy(), buf_printf(), buf_safe(), buffer::capacity, free_buf(), gc, in_src_get(), buffer::len, M_FATAL, msg, OPTION_LINE_SIZE, secure_memzero(), and string_alloc().

Referenced by check_inline_file().

◆ remap_redirect_gateway_flags()

static void remap_redirect_gateway_flags ( struct options opt)
static

Definition at line 3367 of file options.c.

References route_option_list::flags, M_INFO, msg, RG_DEF1, RG_REROUTE_GW, options::route_method, ROUTE_METHOD_SERVICE, and options::routes.

Referenced by add_option(), and options_postprocess_mutate_invariant().

◆ rol6_check_alloc()

static void rol6_check_alloc ( struct options options)
static

Definition at line 1721 of file options.c.

References options::gc, new_route_ipv6_option_list(), and options::routes_ipv6.

Referenced by add_option(), and pre_connect_restore().

◆ rol_check_alloc()

void rol_check_alloc ( struct options options)

Definition at line 1712 of file options.c.

References options::gc, new_route_option_list(), and options::routes.

Referenced by add_option(), helper_add_route(), and pre_connect_restore().

◆ set_user_script()

static void set_user_script ( struct options options,
const char **  script,
const char *  new_script,
const char *  type,
bool  in_chroot 
)
static

Definition at line 5776 of file options.c.

References check_cmd_access(), options::chroot_dir, M_USAGE, M_WARN, msg, pull_filter::type, and options::user_script_used.

Referenced by add_option().

◆ setenv_connection_entry()

static void setenv_connection_entry ( struct env_set es,
const struct connection_entry e,
const int  i 
)
static

Definition at line 998 of file options.c.

References es, connection_entry::http_proxy_options, http_proxy_options::port, connection_entry::remote, connection_entry::remote_port, http_proxy_options::server, setenv_str_i(), connection_entry::socks_proxy_port, and connection_entry::socks_proxy_server.

Referenced by setenv_settings().

◆ setenv_local_entry()

static void setenv_local_entry ( struct env_set es,
const struct local_entry e,
const int  i 
)
static

Definition at line 1018 of file options.c.

References es, local_entry::local, local_entry::port, local_entry::proto, proto2ascii(), and setenv_str_i().

Referenced by setenv_settings().

◆ setenv_settings()

void setenv_settings ( struct env_set es,
const struct options o 
)

Definition at line 1028 of file options.c.

References local_list::array, connection_list::array, options::ce, options::config, options::connection_list, options::daemon, options::dns_options, es, local_list::len, connection_list::len, connection_entry::local_list, options::log, platform_getpid(), options::pull, setenv_connection_entry(), setenv_dns_options(), setenv_int(), setenv_local_entry(), setenv_long_long(), setenv_str(), and options::verbosity.

Referenced by openvpn_main().

◆ show_compression_warning()

static void show_compression_warning ( struct compress_options info)
static

Definition at line 5806 of file options.c.

References comp_non_stub_enabled(), M_WARN, and msg.

Referenced by add_option().

◆ show_connection_entries()

static void show_connection_entries ( const struct options o)
static

Definition at line 1797 of file options.c.

References options::connection_list, D_SHOW_PARMS, connection_list::len, msg, and show_connection_entry().

Referenced by show_settings().

◆ show_connection_entry()

static void show_connection_entry ( const struct connection_entry o)
static

Definition at line 1740 of file options.c.

References connection_entry::af, local_list::array, bind_local(), D_SHOW_PARMS, connection_entry::http_proxy_options, connection_entry::key_direction, keydirection2ascii(), local_list::len, local_entry::local, connection_entry::local_list, msg, local_entry::port, local_entry::proto, connection_entry::proto, proto2ascii(), SHOW_BOOL, show_http_proxy_options(), SHOW_INT, SHOW_PARM, SHOW_STR, and SHOW_STR_INLINE.

Referenced by show_connection_entries().

◆ show_dco_version()

void show_dco_version ( const unsigned int  flags)

Definition at line 4983 of file options.c.

References dco_version_string(), gc, gc_free(), gc_new(), and msg.

Referenced by openvpn_main(), and usage_version().

◆ show_dhcp_option_addrs()

static void show_dhcp_option_addrs ( const char *  name,
const in_addr_t *  array,
int  len 
)
static

Definition at line 1293 of file options.c.

References D_SHOW_PARMS, gc, gc_free(), gc_new(), msg, and print_in_addr_t().

Referenced by show_tuntap_options().

◆ show_dhcp_option_list()

static void show_dhcp_option_list ( const char *  name,
const char *const *  array,
int  len 
)
static

Definition at line 1283 of file options.c.

References D_SHOW_PARMS, and msg.

Referenced by show_tuntap_options().

◆ show_http_proxy_options()

static void show_http_proxy_options ( const struct http_proxy_options o)
static

Definition at line 1672 of file options.c.

References http_custom_header::content, http_proxy_options::custom_headers, D_SHOW_PARMS, MAX_CUSTOM_HTTP_HEADER, msg, http_custom_header::name, SHOW_BOOL, and SHOW_STR.

Referenced by show_connection_entry().

◆ show_library_versions()

void show_library_versions ( const unsigned int  flags)

Definition at line 4993 of file options.c.

References get_ssl_library_version(), LZO_LIB_VER_STR, and msg.

Referenced by openvpn_main(), and usage_version().

◆ show_p2mp_parms()

static void show_p2mp_parms ( const struct options o)
static

Definition at line 1539 of file options.c.

References D_SHOW_PARMS, push_entry::enable, gc, gc_free(), gc_new(), push_list::head, options::ifconfig_ipv6_pool_base, options::ifconfig_pool_end, options::ifconfig_pool_netmask, options::ifconfig_pool_start, learn_address_script(), msg, push_entry::next, push_entry::option, print_in6_addr(), print_in_addr_t(), print_vlan_accept(), options::push_ifconfig_ipv6_local, options::push_ifconfig_ipv6_netbits, options::push_ifconfig_ipv6_remote, options::push_ifconfig_local, options::push_ifconfig_remote_netmask, options::push_list, options::server_bridge_ip, options::server_bridge_netmask, options::server_bridge_pool_end, options::server_bridge_pool_start, options::server_netmask, options::server_network, options::server_network_ipv6, SHOW_BOOL, SHOW_INT, SHOW_STR, SHOW_STR_INLINE, and options::vlan_accept.

Referenced by show_settings().

◆ show_pull_filter_list()

static void show_pull_filter_list ( const struct pull_filter_list l)
static

Definition at line 1818 of file options.c.

References D_SHOW_PARMS, pull_filter_list::head, msg, and pull_filter_type_name().

Referenced by show_settings().

◆ show_settings()

void show_settings ( const struct options o)

Definition at line 1836 of file options.c.

References options::client_nat, D_SHOW_PARMS, daemon(), options::dns_options, format_hex_ex(), gc, gc_free(), gc_new(), verify_hash_list::hash, options::key_direction, keydirection2ascii(), machine_readable_output, options::management_flags, MAX_PARMS, MD_SHA1, MF_EXTERNAL_CERT, MF_EXTERNAL_KEY, msg, verify_hash_list::next, pkcs11_id_management, options::plugin_list, plugin_option_list_print(), print_client_nat_list(), print_route_options(), options::pull_filter_list, push_peer_info(), options::routes, SHA256_DIGEST_LENGTH, SHA_DIGEST_LENGTH, SHOW_BOOL, show_connection_entries(), show_dns_options(), SHOW_INT, SHOW_INT64, show_p2mp_parms(), SHOW_PARM, show_pull_filter_list(), SHOW_STR, SHOW_STR_INLINE, show_tuntap_options(), suppress_timestamps, test_crypto(), tls_verify(), options::tuntap_options, options::verify_hash, and options::verify_hash_algo.

Referenced by openvpn_main().

◆ show_tuntap_options()

static void show_tuntap_options ( const struct tuntap_options o)
static

Definition at line 1308 of file options.c.

References dhcp_renew(), tuntap_options::dns, tuntap_options::dns_len, tuntap_options::domain_search_list, tuntap_options::domain_search_list_len, tuntap_options::nbdd, tuntap_options::nbdd_len, tuntap_options::ntp, tuntap_options::ntp_len, SHOW_BOOL, show_dhcp_option_addrs(), show_dhcp_option_list(), SHOW_INT, SHOW_STR, SHOW_UNSIGNED, tuntap_options::wins, and tuntap_options::wins_len.

Referenced by show_settings().

◆ show_windows_version()

void show_windows_version ( const unsigned int  flags)

Definition at line 4974 of file options.c.

References gc, gc_free(), gc_new(), msg, and win32_version_string().

Referenced by openvpn_main(), and usage_version().

◆ space()

static bool space ( unsigned char  c)
inlinestatic

Definition at line 5070 of file options.c.

Referenced by parse_line().

◆ string_defined_equal()

bool string_defined_equal ( const char *  s1,
const char *  s2 
)

Definition at line 5039 of file options.c.

Referenced by options_postprocess_verify_ce().

◆ string_substitute()

static char * string_substitute ( const char *  src,
int  from,
int  to,
struct gc_arena gc 
)
static

Definition at line 1157 of file options.c.

References gc, and gc_malloc().

Referenced by add_option().

◆ tuntap_options_copy_dns()

static void tuntap_options_copy_dns ( struct options o)
static

Definition at line 1382 of file options.c.

References dns_server_addr::a4, dns_server_addr::a6, dns_server::addr, dns_server::addr_count, tuntap_options::dhcp_options, DHCP_OPTIONS_DHCP_OPTIONAL, DHCP_OPTIONS_DHCP_REQUIRED, tuntap_options::dns, tuntap_options::dns6, tuntap_options::dns6_len, tuntap_options::dns_len, options::dns_options, tuntap_options::domain_search_list, tuntap_options::domain_search_list_len, dns_server_addr::family, dns_server_addr::in, M_WARN, msg, N_DHCP_ADDR, N_SEARCH_LIST_LEN, dns_domain::name, dns_domain::next, dns_server::next, dns_options::search_domains, dns_options::servers, and options::tuntap_options.

Referenced by options_postprocess_mutate(), and options_postprocess_pull().

◆ uninit_options()

void uninit_options ( struct options o)

Definition at line 925 of file options.c.

References CLEAR, options::connection_list, options::dns_options, dns_options::gc, options::gc, gc_free(), options::gc_owned, and options::remote_list.

Referenced by add_option(), openvpn_main(), and options_postprocess_verify_ce().

◆ usage()

static void usage ( void  )
static

Definition at line 4934 of file options.c.

References options::authname, options::ce, connection_entry::connect_retry_seconds, connection_entry::connect_retry_seconds_max, options::handshake_window, init_options(), buffer::len, connection_entry::local_port, msg_fp(), openvpn_exit(), OPENVPN_EXIT_STATUS_USAGE, connection_entry::remote_port, options::renegotiate_seconds, options::replay_time, options::replay_window, TAP_MTU_EXTRA_DEFAULT, title_string, options::tls_timeout, options::transition_window, TUN_MTU_DEFAULT, usage_message, and options::verbosity.

Referenced by add_option(), main(), parse_argv(), and x509_verify_ns_cert_type().

◆ usage_small()

void usage_small ( void  )

Definition at line 4966 of file options.c.

References M_NOPREFIX, M_WARN, msg, openvpn_exit(), and OPENVPN_EXIT_STATUS_USAGE.

Referenced by x_msg_va().

◆ usage_version()

static void usage_version ( void  )
static

Definition at line 5008 of file options.c.

References M_INFO, M_NOPREFIX, msg, openvpn_exit(), OPENVPN_EXIT_STATUS_GOOD, show_dco_version(), show_library_versions(), show_windows_version(), and title_string.

Referenced by add_option().

◆ verify_permission()

static bool verify_permission ( const char *  name,
const char *  file,
int  line,
const unsigned int  type,
const unsigned int  allowed,
unsigned int *  found,
const int  msglevel,
struct options options,
bool  is_inline 
)
static

Definition at line 5682 of file options.c.

References options::connection_list, M_WARN, msg, OPT_P_CONNECTION, OPT_P_INLINE, OPT_P_PULL_MODE, and pull_filter::type.

Variable Documentation

◆ global_auth_retry

int global_auth_retry
static

Definition at line 4880 of file options.c.

Referenced by auth_retry_get(), auth_retry_print(), and auth_retry_set().

◆ title_string

const char title_string[]

Definition at line 69 of file options.c.

Referenced by do_test_crypto(), man_dispatch_command(), man_help(), multi_print_status(), openvpn_main(), usage(), and usage_version().

◆ usage_message

const char usage_message[]
static

Definition at line 120 of file options.c.

Referenced by usage().

Generated by doxygen 1.9.8