Added --proto-force directive.

Version 2.1.3a git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6424 e7ae566f-a301-0410-adde-c780ea21d3b5
2025-05-08 21:25:53 +08:00 · 2010-09-01 06:04:29 +00:00 · 2010-09-01 06:04:29 +00:00 · 51e6e5b0f1
commit 51e6e5b0f1
parent 1d76ecbcd0
5 changed files with 35 additions and 2 deletions
--- a/openvpn.8
+++ b/openvpn.8
@ -378,7 +378,13 @@ block.  The effect would be as if
 were declared in all
 .B <connection>
 blocks below it.
-
+.\"*********************************************************
+.TP
+.B --proto-force p
+When iterating through connection profiles,
+only consider profiles using protocol
+.B p
+('tcp'|'udp'). 
 .\"*********************************************************
 .TP
 .B --remote-random
--- a/options.c
+++ b/options.c
@ -94,6 +94,7 @@ static const char usage_message[] =
  "--mode m        : Major mode, m = 'p2p' (default, point-to-point) or 'server'.\n"
  "--proto p       : Use protocol p for communicating with peer.\n"
  "                  p = udp (default), tcp-server, or tcp-client\n"
+  "--proto-force p : only consider protocol p in list of connection profiles.\n"
  "--connect-retry n : For --proto tcp-client, number of seconds to wait\n"
  "                    between connection retries (default=%d).\n"
  "--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n"
@ -693,6 +694,7 @@ init_options (struct options *o, const bool init_gc)
  o->route_delay_window = 30;
  o->max_routes = MAX_ROUTES_DEFAULT;
  o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
+  o->proto_force = -1;
 #ifdef ENABLE_OCC
  o->occ = true;
 #endif
@ -2129,6 +2131,10 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)

  if (!ce->bind_local)
    ce->local_port = 0;
+
+  /* if protocol forcing is enabled, disable all protocols except for the forced one */
+  if (o->proto_force >= 0 && is_proto_tcp(o->proto_force) != is_proto_tcp(ce->proto))
+    ce->flags |= CE_DISABLED;
 }

 static void
@ -4311,6 +4317,19 @@ add_option (struct options *options,
 	}
      options->ce.proto = proto;
    }
+  else if (streq (p[0], "proto-force") && p[1])
+    {
+      int proto_force;
+      VERIFY_PERMISSION (OPT_P_GENERAL);
+      proto_force = ascii2proto (p[1]);
+      if (proto_force < 0)
+	{
+	  msg (msglevel, "Bad --proto-force protocol: '%s'", p[1]);
+	  goto err;
+	}
+      options->proto_force = proto_force;
+      options->force_connection_list = true;
+    }
 #ifdef GENERAL_PROXY_SUPPORT
  else if (streq (p[0], "auto-proxy"))
    {
--- a/options.h
+++ b/options.h
@ -216,6 +216,8 @@ struct options
  bool tun_mtu_defined;  /* true if user overriding parm with command line option */
  bool link_mtu_defined; /* true if user overriding parm with command line option */

+  int proto_force;
+
  /* Advanced MTU negotiation and datagram fragmentation options */
  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */

--- a/socket.h
+++ b/socket.h
@ -509,6 +509,12 @@ legal_ipv4_port (int port)
  return port > 0 && port < 65536;
 }

+static inline int
+is_proto_tcp(const int p)
+{
+  return p > 0; /* depends on the definition of PROTO_x */
+}
+
 static inline bool
 link_socket_proto_connection_oriented (int proto)
 {
--- a/version.m4
+++ b/version.m4
@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.3])
+define(PRODUCT_VERSION,[2.1.3a])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])