Added --proto-force directive.

Version 2.1.3a


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6424 e7ae566f-a301-0410-adde-c780ea21d3b5

Author: jamesyonan

openvpn.8

@@ -378,7 +378,13 @@ block.  The effect would be as if
 were declared in all
 .B <connection>
 blocks below it.
-
+.\"*********************************************************
+.TP
+.B --proto-force p
+When iterating through connection profiles,
+only consider profiles using protocol
+.B p
+('tcp'|'udp'). 
 .\"*********************************************************
 .TP
 .B --remote-random

options.c

@@ -94,6 +94,7 @@ static const char usage_message[] =
   "--mode m        : Major mode, m = 'p2p' (default, point-to-point) or 'server'.\n"
   "--proto p       : Use protocol p for communicating with peer.\n"
   "                  p = udp (default), tcp-server, or tcp-client\n"
+  "--proto-force p : only consider protocol p in list of connection profiles.\n"
   "--connect-retry n : For --proto tcp-client, number of seconds to wait\n"
   "                    between connection retries (default=%d).\n"
   "--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n"
@@ -693,6 +694,7 @@ init_options (struct options *o, const bool init_gc)
   o->route_delay_window = 30;
   o->max_routes = MAX_ROUTES_DEFAULT;
   o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
+  o->proto_force = -1;
 #ifdef ENABLE_OCC
   o->occ = true;
 #endif
@@ -2129,6 +2131,10 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)
 
   if (!ce->bind_local)
     ce->local_port = 0;
+
+  /* if protocol forcing is enabled, disable all protocols except for the forced one */
+  if (o->proto_force >= 0 && is_proto_tcp(o->proto_force) != is_proto_tcp(ce->proto))
+    ce->flags |= CE_DISABLED;
 }
 
 static void
@@ -4311,6 +4317,19 @@ add_option (struct options *options,
 	}
       options->ce.proto = proto;
     }
+  else if (streq (p[0], "proto-force") && p[1])
+    {
+      int proto_force;
+      VERIFY_PERMISSION (OPT_P_GENERAL);
+      proto_force = ascii2proto (p[1]);
+      if (proto_force < 0)
+	{
+	  msg (msglevel, "Bad --proto-force protocol: '%s'", p[1]);
+	  goto err;
+	}
+      options->proto_force = proto_force;
+      options->force_connection_list = true;
+    }
 #ifdef GENERAL_PROXY_SUPPORT
   else if (streq (p[0], "auto-proxy"))
     {

options.h

@@ -216,6 +216,8 @@ struct options
   bool tun_mtu_defined;  /* true if user overriding parm with command line option */
   bool link_mtu_defined; /* true if user overriding parm with command line option */
 
+  int proto_force;
+
   /* Advanced MTU negotiation and datagram fragmentation options */
   int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
 

socket.h

@@ -509,6 +509,12 @@ legal_ipv4_port (int port)
   return port > 0 && port < 65536;
 }
 
+static inline int
+is_proto_tcp(const int p)
+{
+  return p > 0; /* depends on the definition of PROTO_x */
+}
+
 static inline bool
 link_socket_proto_connection_oriented (int proto)
 {

version.m4

@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.3])
+define(PRODUCT_VERSION,[2.1.3a])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])