/**
 * configuration.h
 *
 * Author: Brane F. Gracnar
 *
 * Declarations for hitch's runtime configuration: the TLS protocol
 * selection enum and the protocol masks built from it, the per-certificate
 * and per-listener records, the top-level configuration struct, and the
 * constructor / parser / error-reporting entry points implemented in
 * configuration.c.
 *
 * Field meanings marked "presumably" below are inferred from the field
 * names only; confirm them against configuration.c before relying on them.
 */

#ifndef CONFIGURATION_H_INCLUDED
#define CONFIGURATION_H_INCLUDED

#include <sys/types.h>
#include <openssl/ssl.h>

#include "foreign/uthash.h"

/* This macro disables NPN even in openssl/ssl.h */
#ifdef OPENSSL_NO_NEXTPROTONEG
# undef OPENSSL_WITH_NPN
#endif

/*
 * Tag string naming the protocol-negotiation mechanism compiled in.
 * ALPN takes precedence when both ALPN and NPN are available; when neither
 * is, ALPN_NPN_PREFIX_STR is left undefined, so any user of it must be
 * guarded with #ifdef ALPN_NPN_PREFIX_STR.
 */
#ifdef OPENSSL_WITH_ALPN
# define ALPN_NPN_PREFIX_STR "{alpn}"
#else
# ifdef OPENSSL_WITH_NPN
# define ALPN_NPN_PREFIX_STR "{npn}"
# endif
#endif

#ifdef USE_SHARED_CACHE
# include "shctx.h"
/* Upper bound on configured shared-cache update peers; overridable at build time. */
# ifndef MAX_SHCUPD_PEERS
# define MAX_SHCUPD_PEERS 15
# endif
/* One shared-cache update peer, given as address and port strings. */
typedef struct shcupd_peer_opt {
	char *ip;
	char *port;
} shcupd_peer_opt;
#endif

/*
 * TLS_PROTOCOL: one enumerator per protocol version, generated from the
 * TLS_PROTO(enumerator, value, name) X-macro table in tls_proto_tbl.h.
 * The values are combined with '|' in the masks below, so they are
 * expected to be distinct flag bits.
 *
 * NOTE(review): TLS_PROTO is not #undef'd here after the include. That is
 * fine if tls_proto_tbl.h undefines it itself (the usual X-macro idiom);
 * otherwise the macro leaks into every file that includes this header.
 * Confirm against tls_proto_tbl.h.
 */
typedef enum {
#define TLS_PROTO(e, n, s) \
	e = n,
#include "tls_proto_tbl.h"

} TLS_PROTOCOL;

/*
 * Protocol masks.
 *   DEFAULT_TLS_PROTOS  - presumably the set enabled when no protocol
 *                         option is given: TLS 1.2 and 1.3 only.
 *   TLS_OPTION_PROTOS   - the defaults plus the legacy TLS 1.0 / 1.1.
 *   SSL_OPTION_PROTOS   - additionally admits SSLv3. SSLv3 is
 *                         cryptographically broken (POODLE); it should only
 *                         ever be reachable through an explicit opt-in,
 *                         never as part of a default selection.
 */
#define DEFAULT_TLS_PROTOS (TLSv1_2_PROTO | TLSv1_3_PROTO)
#define TLS_OPTION_PROTOS \
	(TLSv1_0_PROTO | TLSv1_1_PROTO | DEFAULT_TLS_PROTOS)
#define SSL_OPTION_PROTOS (SSLv3_PROTO | TLS_OPTION_PROTOS)

/*
 * Role of the proxy's TLS side: presumably SSL_SERVER terminates TLS from
 * clients and SSL_CLIENT originates TLS toward the backend — confirm in
 * the connection-handling code.
 */
typedef enum {
	SSL_SERVER,
	SSL_CLIENT
} PROXY_MODE;

/*
 * One certificate file entry. Entries are kept in a uthash table via hh.
 *
 * magic             - expected to hold CFG_CERT_FILE_MAGIC on a live object;
 *                     presumably checked at runtime as a type/liveness guard.
 * filename          - certificate (PEM) path.
 * priv_key_filename - separate private-key path, if configured.
 * ocspfn            - OCSP response file path, if any.
 * ocsp_mtim / mtim  - presumably file modification times of the OCSP
 *                     response and the certificate, kept as double and used
 *                     for change detection — confirm.
 * mark              - presumably a sweep/visited flag used while the
 *                     certificate set is reloaded — confirm.
 * ocsp_vfy          - OCSP verification flag for this certificate.
 */
struct cfg_cert_file {
	unsigned magic;
#define CFG_CERT_FILE_MAGIC 0x58c280d2
	char *filename;
	char *priv_key_filename;
	char *ocspfn;
	double ocsp_mtim;
	int mark;
	int ocsp_vfy;
	double mtim;
	UT_hash_handle hh;
};

/*
 * One frontend listener. Instances are kept in a uthash table via hh.
 *
 * magic               - expected to hold FRONT_ARG_MAGIC on a live object.
 * ip / port           - listen address and port as strings.
 * certs               - certificates bound to this listener (hash of
 *                       struct cfg_cert_file).
 * pspec               - presumably the original textual listener
 *                       specification — confirm.
 * match_global_certs  - whether the global certificate set may also serve
 *                       this listener (presumed from the name).
 * sni_nomatch_abort   - security-relevant: presumably abort the handshake
 *                       when the SNI name matches no certificate instead of
 *                       falling back to a default cert — confirm.
 * prefer_server_ciphers, ciphers_tlsv12, ciphersuites_tlsv13
 *                     - per-listener cipher policy, overriding the globals.
 * selected_protos     - TLS_PROTOCOL mask for this listener.
 * client_verify / client_verify_ca
 *                     - client-certificate verification mode and CA file
 *                       (mutual TLS); exact modes are defined elsewhere.
 * mark                - presumably a sweep flag used during reload — confirm.
 */
struct front_arg {
	unsigned magic;
#define FRONT_ARG_MAGIC 0x07a16cb5
	char *ip;
	char *port;
	struct cfg_cert_file *certs;
	char *pspec;
	int match_global_certs;
	int sni_nomatch_abort;
	int prefer_server_ciphers;
	char *ciphers_tlsv12;
	char *ciphersuites_tlsv13;
	int selected_protos;
	int client_verify;
	char *client_verify_ca;
	int mark;
	UT_hash_handle hh;
};

/* configuration structure */
/*
 * Top-level hitch configuration. Built by config_new(), filled by
 * config_parse_cli() (and presumably the config-file parser in
 * configuration.c), released by config_destroy().
 *
 * NOTE(review): the tag "__hitch_config" begins with a double underscore,
 * which C reserves for the implementation (C11 7.1.3). Renaming it is an
 * interface change (any "struct __hitch_config" spelling elsewhere would
 * break), so it is only flagged here.
 *
 * NOTE(review): UID and GID are plain int although <sys/types.h> provides
 * uid_t/gid_t. Changing the types would have to be done together with the
 * code that parses and applies them, so it is not done in this header.
 *
 * Selected fields:
 *   PMODE               - see PROXY_MODE.
 *   SELECTED_TLS_PROTOS - global TLS_PROTOCOL mask.
 *   WRITE_IP_OCTET, WRITE_PROXY_LINE_V1/V2, PROXY_PROXY_LINE, PROXY_TLV,
 *   PROXY_AUTHORITY, PROXY_CLIENT_CERT
 *                       - client-address / PROXY-protocol forwarding
 *                         options toward the backend (presumed from names).
 *   ALPN_PROTOS         - configured ALPN protocol list as a string.
 *   ALPN_PROTOS_LV / ALPN_PROTOS_LV_LEN
 *                       - presumably the same list in the length-prefixed
 *                         (length, value) wire encoding, with its byte
 *                         length — confirm in the code that builds it.
 *   CHROOT, UID, GID    - privilege-dropping settings applied at startup.
 *   LISTEN_ARGS         - hash of struct front_arg listeners;
 *   LISTEN_DEFAULT      - the listener used when none is explicit.
 *   BACK_IP/BACK_PORT/BACK_PATH
 *                       - backend address, or a path (unix socket presumed).
 *   CERT_FILES / CERT_DEFAULT
 *                       - global certificate hash and the default cert.
 *   CIPHERS_TLSv12, CIPHERSUITES_TLSv13, PREFER_SERVER_CIPHERS, ECDH_CURVE
 *                       - global cipher policy.
 *   CLIENT_VERIFY, CLIENT_VERIFY_CA
 *                       - global client-certificate verification settings.
 *   ENGINE              - OpenSSL engine name, if any.
 *   SHCUPD_*            - shared session-cache update settings; the
 *                         SHCUPD_PEERS array has MAX_SHCUPD_PEERS+1 slots,
 *                         the +1 presumably reserving a terminating entry —
 *                         confirm in the parser that fills it.
 *   BACKEND_CONNECT_TIMEOUT, SSL_HANDSHAKE_TIMEOUT
 *                       - timeouts (units not visible here; presumably
 *                         seconds). The handshake timeout bounds how long a
 *                         client may hold a half-completed handshake.
 *   OCSP_*              - OCSP stapling: verification flag, response
 *                         directory, response and connect timeouts
 *                         (double), refresh interval.
 *   TEST                - presumably "test configuration and exit" — confirm.
 *   TFO                 - TCP Fast Open, only when the platform supports it.
 */
struct __hitch_config {
	PROXY_MODE PMODE;
	int SELECTED_TLS_PROTOS;
	int WRITE_IP_OCTET;
	int WRITE_PROXY_LINE_V1;
	int WRITE_PROXY_LINE_V2;
	int PROXY_PROXY_LINE;
	unsigned PROXY_TLV;
	unsigned PROXY_AUTHORITY;
	unsigned PROXY_CLIENT_CERT;
	char *ALPN_PROTOS;
	unsigned char *ALPN_PROTOS_LV;
	unsigned ALPN_PROTOS_LV_LEN;
	char *CHROOT;
	int UID;
	int GID;
	struct front_arg *LISTEN_ARGS;
	struct front_arg *LISTEN_DEFAULT;
	char *BACK_IP;
	char *BACK_PORT;
	char *BACK_PATH;
	long NCORES;
	struct cfg_cert_file *CERT_FILES;
	struct cfg_cert_file *CERT_DEFAULT;
	char *CIPHERS_TLSv12;
	char *CIPHERSUITES_TLSv13;
	int CLIENT_VERIFY;
	char *CLIENT_VERIFY_CA;
	char *ENGINE;
	int BACKLOG;
#ifdef USE_SHARED_CACHE
	int SHARED_CACHE;
	char *SHCUPD_IP;
	char *SHCUPD_PORT;
	shcupd_peer_opt SHCUPD_PEERS[MAX_SHCUPD_PEERS+1];
	char *SHCUPD_MCASTIF;
	char *SHCUPD_MCASTTTL;
#endif
	int LOG_LEVEL;
	int SYSLOG;
	int SYSLOG_FACILITY;
	int TCP_KEEPALIVE_TIME;
	int BACKEND_REFRESH_TIME;
	int DAEMONIZE;
	int PREFER_SERVER_CIPHERS;
	int BACKEND_CONNECT_TIMEOUT;
	int SSL_HANDSHAKE_TIMEOUT;
	int RECV_BUFSIZE;
	int SEND_BUFSIZE;
	char *LOG_FILENAME;
	int RING_SLOTS;
	int RING_DATA_LEN;
	char *PIDFILE;
	int SNI_NOMATCH_ABORT;
	int TEST;
	char *PEM_DIR;
	char *PEM_DIR_GLOB;
	char *ECDH_CURVE;
	int OCSP_VFY;
	char *OCSP_DIR;
	double OCSP_RESP_TMO;
	double OCSP_CONN_TMO;
	int OCSP_REFRESH_INTERVAL;
	char *DEBUG_LISTEN_ADDR;
#ifdef TCP_FASTOPEN_WORKS
	int TFO;
#endif
};

typedef struct __hitch_config hitch_config;

/*
 * Returns the most recent configuration error message. The returned
 * pointer is presumably module-owned storage that the caller must not
 * free — confirm in configuration.c.
 */
const char * config_error_get (void);

/*
 * Allocates a new configuration (presumably populated with defaults).
 * Ownership passes to the caller, who releases it with config_destroy().
 */
hitch_config * config_new (void);

/* Releases a configuration obtained from config_new(). */
void config_destroy (hitch_config *cfg);

/*
 * Parses the process command line into cfg. The return convention is not
 * visible here; presumably non-zero signals failure with the reason
 * available via config_error_get() — confirm before relying on it.
 */
int config_parse_cli(int argc, char **argv, hitch_config *cfg);

#endif /* CONFIGURATION_H_INCLUDED */