From 51e6e5b0f14db8bf5a6b6ebee26678fe8b623ad4 Mon Sep 17 00:00:00 2001
From: James Yonan
Date: Wed, 1 Sep 2010 06:04:29 +0000
Subject: Added --proto-force directive. Version 2.1.3a
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6424 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 openvpn.8 | 8 +++++++-
 options.c | 19 +++++++++++++++++++
 options.h | 2 ++
 socket.h | 6 ++++++
 version.m4 | 2 +-
 5 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/openvpn.8 b/openvpn.8
index f523609..004a30b 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -378,7 +378,13 @@ block. The effect would be as if were declared in all .B blocks below it.
-
+.\"*********************************************************
+.TP
+.B --proto-force p
+When iterating through connection profiles,
+only consider profiles using protocol
+.B p
+('tcp'|'udp').
 .\"*********************************************************
 .TP
 .B --remote-random
diff --git a/options.c b/options.c
index b1ac26c..5f1efc5 100644
--- a/options.c
+++ b/options.c
@@ -94,6 +94,7 @@ static const char usage_message[] =
 "--mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'.\n"
 "--proto p : Use protocol p for communicating with peer.\n"
 " p = udp (default), tcp-server, or tcp-client\n"
+ "--proto-force p : only consider protocol p in list of connection profiles.\n"
 "--connect-retry n : For --proto tcp-client, number of seconds to wait\n"
 " between connection retries (default=%d).\n"
 "--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n"
@@ -693,6 +694,7 @@ init_options (struct options *o, const bool init_gc)
 o->route_delay_window = 30;
 o->max_routes = MAX_ROUTES_DEFAULT;
 o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
+ o->proto_force = -1;
 #ifdef ENABLE_OCC
 o->occ = true;
 #endif
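Review bot: The `-1` assigned to `o->proto_force` in init_options is an undocumented sentinel for "no protocol forced"; neither this hunk nor the options.h hunk, which declares the field as a bare `int proto_force;`, explains it. The `o->proto_force >= 0` test in options_postprocess_mutate_ce and the `proto_force < 0` error test in add_option both depend on every valid protocol value being non-negative. I would document that where the field is declared, e.g. `int proto_force; /* PROTO_x forced by --proto-force, or -1 if not set */`. init_options starts and ends outside the hunk.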
@@ -2129,6 +2131,10 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)
 if (!ce->bind_local)
 ce->local_port = 0;
+
+ /* if protocol forcing is enabled, disable all protocols except for the forced one */
+ if (o->proto_force >= 0 && is_proto_tcp(o->proto_force) != is_proto_tcp(ce->proto))
+ ce->flags |= CE_DISABLED;
 }
 static void
@@ -4311,6 +4317,19 @@ add_option (struct options *options,
 }
 options->ce.proto = proto;
 }
+ else if (streq (p[0], "proto-force") && p[1])
+ {
+ int proto_force;
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ proto_force = ascii2proto (p[1]);
+ if (proto_force < 0)
+ {
+ msg (msglevel, "Bad --proto-force protocol: '%s'", p[1]);
+ goto err;
+ }
+ options->proto_force = proto_force;
+ options->force_connection_list = true;
+ }
 #ifdef GENERAL_PROXY_SUPPORT
 else if (streq (p[0], "auto-proxy"))
 {
diff --git a/options.h b/options.h
index 1d5fe4c..fc5db58 100644
--- a/options.h
+++ b/options.h
@@ -216,6 +216,8 @@ struct options
 bool tun_mtu_defined; /* true if user overriding parm with command line option */
 bool link_mtu_defined; /* true if user overriding parm with command line option */
+ int proto_force;
+
 /* Advanced MTU negotiation and datagram fragmentation options */
 int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
diff --git a/socket.h b/socket.h
index cd24011..eef98d1 100644
--- a/socket.h
+++ b/socket.h
@@ -509,6 +509,12 @@ legal_ipv4_port (int port)
 return port > 0 && port < 65536;
 }
+static inline int
+is_proto_tcp(const int p)
+{
+ return p > 0; /* depends on the definition of PROTO_x */
+}
+
 static inline bool
 link_socket_proto_connection_oriented (int proto)
 {
diff --git a/version.m4 b/version.m4
index f37e1c2..f0541e3 100644
--- a/version.m4
+++ b/version.m4
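Review bot: Nothing in this hunk covers the case where the new filter sets `CE_DISABLED` on every connection entry, for example `--proto-force tcp` in a configuration whose profiles are all udp. The code that walks the connection list is not part of this patch, so it should be confirmed that it stops with a clear error when no enabled profile is left, rather than retrying indefinitely or connecting over a protocol the user excluded. The existing comment could also say that only the tcp/udp family is compared, e.g. `/* compares tcp-ness only: any tcp variant matches a forced tcp */`. The function body starts outside the hunk.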
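Review bot: `--proto-force` accepts every string that `ascii2proto` accepts, while the man page text added in this commit documents only 'tcp'|'udp'. Assuming `ascii2proto` also recognises the `tcp-server` and `tcp-client` spellings shown in the `--proto` usage text, those would be accepted here and then silently treated as plain tcp by the `is_proto_tcp` comparison. Either reject anything other than the two documented values or document the wider set. The branch also sets `options->force_connection_list = true;`, a side effect that neither the usage line nor the man page mentions; a comment such as `/* the filter acts on connection entries, so make sure the list is used */` would help if that is indeed the intent. add_option begins and ends outside the hunk.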
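Review bot: `is_proto_tcp` decides with `p > 0`, which, as its own comment admits, is only correct while the PROTO_x constants keep udp at 0 and every tcp value above it. Any non-tcp protocol number added later would be classified as tcp, and the `--proto-force` filter would then enable or disable the wrong profiles. Comparing against the named tcp constants, or placing a compile-time check beside the PROTO_x definitions, would make that dependency explicit. The function is a predicate but returns `int`, whereas the neighbouring `link_socket_proto_connection_oriented` returns `bool`; `static inline bool` would match.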
@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.3])
+define(PRODUCT_VERSION,[2.1.3a])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])
--
cgit v1.2.3