XinYang_IOS / Carthage / Checkouts / OpenVPNAdapter / Sources / OpenVPN3 / openvpn / common / options.hpp
@zhangfeng zhangfeng on 7 Dec 2023 39 KB 1.8.0
//    OpenVPN -- An application to securely tunnel IP networks
//               over a single port, with support for SSL/TLS-based
//               session authentication and key exchange,
//               packet encryption, packet authentication, and
//               packet compression.
//    Copyright (C) 2012-2020 OpenVPN Inc.
//    This program is free software: you can redistribute it and/or modify
//    it under the terms of the GNU Affero General Public License Version 3
//    as published by the Free Software Foundation.
//    This program is distributed in the hope that it will be useful,
//    but WITHOUT ANY WARRANTY; without even the implied warranty of
//    GNU Affero General Public License for more details.
//    You should have received a copy of the GNU Affero General Public License
//    along with this program in the COPYING file.
//    If not, see <>.

// General-purpose options parser, used to parse the OpenVPN configuration
// file as well as the server-pushed options list.  Note that these classes
// don't get into the interpretation or typing of options -- they only care
// about parsing the options into lists of strings, and then presenting the
// complete configuration file as a list of options.
// The parser understands the general grammar of OpenVPN configuration
// files including:
// 1. option/argument parsing, quoting, escaping, and comments,
// 2. inline directives such as
//      <ca>
//      ...
//      </ca>
// 3. and meta-directives such as those used by OpenVPN Access Server such as:
// The basic organization of the parser is as follows:
//   Option -- a list of strings, where the first string is the
//     option/directive name, and subsequent strings are arguments.
//   OptionList -- a list of Options that also contains a map for
//     optimal lookup of specific options


#include <string>
#include <sstream>
#include <vector>
#include <algorithm>   // for std::sort, std::min
#include <utility>     // for std::move
#include <type_traits> // for std::is_nothrow_move_constructible
#include <unordered_map>
#include <cstdint>     // for std::uint64_t

#include <openvpn/common/rc.hpp>
#include <openvpn/common/size.hpp>
#include <openvpn/common/number.hpp>
#include <openvpn/common/hexstr.hpp>
#include <openvpn/common/string.hpp>
#include <openvpn/common/split.hpp>
#include <openvpn/common/splitlines.hpp>
#include <openvpn/common/unicode.hpp>
#include <openvpn/common/option_error.hpp>

namespace openvpn {

  class Option
    enum {
      MULTILINE = 0x8000000,

    // Validate string by size and multiline status.
    // OR max_len with MULTILINE to allow multiline string.
    // Return values:
    enum validate_status {

    // Options for render methods
    enum render_flags {
      RENDER_TRUNC_64 = (1<<0),  // truncate option after 64 chars
      RENDER_PASS_FMT = (1<<1),  // pass \r\n\t
      RENDER_NUMBER   = (1<<2),  // number lines
      RENDER_BRACKET  = (1<<3),  // quote options using []
      RENDER_UNUSED   = (1<<4),  // only show unused options

      static_assert(std::is_nothrow_move_constructible<Option>::value, "class Option not noexcept move constructable");

    template<typename T, typename... Args>
    Option(T first, Args... args)
      reserve(1 + sizeof...(args));
      from_list(std::move(first), std::forward<Args>(args)...);

    static validate_status validate(const std::string& str, const size_t max_len)
      const size_t pos = str.find_first_of("\r\n");
      const size_t len = max_len & ((size_t)MULTILINE-1); // NOTE -- use smallest flag value here
      if (pos != std::string::npos && !(max_len & MULTILINE))
      else if (len > 0 && Unicode::utf8_length(str) > len)
	return STATUS_GOOD;

    static const char *validate_status_description(const validate_status status)
      switch (status)
	  return "good";
	  return "multiline";
	  return "too long";
	  return "unknown";

    void min_args(const size_t n) const
      const size_t s = data.size();
      if (s < n)
	OPENVPN_THROW(option_error, err_ref() << " must have at least " << n << " arguments");

    void exact_args(const size_t n) const
      const size_t s = data.size();
      if (s != n)
	OPENVPN_THROW(option_error, err_ref() << " must have exactly " << n << " arguments");

    void validate_arg(const size_t index, const size_t max_len) const
      if (max_len > 0 && index < data.size())
	  const validate_status status = validate(data[index], max_len);
	  if (status != STATUS_GOOD)
	    OPENVPN_THROW(option_error, err_ref() << " is " << validate_status_description(status));

    static void validate_string(const std::string& name, const std::string& str, const size_t max_len)
      const validate_status status = validate(str, max_len);
      if (status != STATUS_GOOD)
	OPENVPN_THROW(option_error, name << " is " << validate_status_description(status));

    std::string printable_directive() const
      try {
	if (data.size() > 0)
	  return Unicode::utf8_printable(data[0], 32);
	  return "";
      catch (const std::exception&)
	  return "[DIRECTIVE]";

    const std::string& get(const size_t index, const size_t max_len) const
      validate_arg(index, max_len);
      return data[index];

    std::string get_optional(const size_t index, const size_t max_len) const
      validate_arg(index, max_len);
      if (index < data.size())
	return data[index];
	return "";

    std::string get_default(const size_t index, const size_t max_len, const std::string& default_value) const
      validate_arg(index, max_len);
      if (index < data.size())
	return data[index];
	return default_value;

    const std::string* get_ptr(const size_t index, const size_t max_len) const
      validate_arg(index, max_len);
      if (index < data.size())
	return &data[index];
	return nullptr;

    template <typename T>
    T get_num(const size_t idx) const
      typedef typename std::remove_const<T>::type T_nonconst;
      T_nonconst n(0); // we shouldn't need to initialize here, but some compilers complain "may be used uninitialized in this function"
      const std::string& numstr = get(idx, 64);
      if (numstr.length() >= 2 && numstr[0] == '0' && numstr[1] == 'x')
	  if (!parse_hex_number(numstr.substr(2), n))
	    OPENVPN_THROW(option_error, err_ref() << '[' << idx << "] expecting a hex number");
      else if (!parse_number<T_nonconst>(numstr, n))
	OPENVPN_THROW(option_error, err_ref() << '[' << idx << "] must be a number");
      return n;

    template <typename T>
    T get_num(const size_t idx, const T default_value) const
      if (size() > idx)
	return get_num<T>(idx);
	return default_value;

    template <typename T>
    T get_num(const size_t idx, const T default_value, const T min_value, const T max_value) const
      const T ret = get_num<T>(idx, default_value);
      if (ret != default_value && (ret < min_value || ret > max_value))
	range_error(idx, min_value, max_value);
      return ret;

    template <typename T>
    T get_num(const size_t idx, const T min_value, const T max_value) const
      const T ret = get_num<T>(idx);
      if (ret < min_value || ret > max_value)
	range_error(idx, min_value, max_value);
      return ret;

    std::string render(const unsigned int flags) const
      std::ostringstream out;
      size_t max_len_flags = (flags & RENDER_TRUNC_64) ? 64 : 0;
      if (flags & RENDER_PASS_FMT)
	max_len_flags |= Unicode::UTF8_PASS_FMT;
      bool first = true;
      for (std::vector<std::string>::const_iterator i = data.begin(); i != data.end(); ++i)
	  if (!first)
	    out << ' ';
	  if (flags & RENDER_BRACKET)
	    out << '[';
	  out << Unicode::utf8_printable(*i, max_len_flags);
	  if (flags & RENDER_BRACKET)
	    out << ']';
	  first = false;
      return out.str();

    static void escape_string(std::ostream& out, const std::string& term, const bool must_quote)
      if (must_quote)
	out << '\"';
      for (std::string::const_iterator j = term.begin(); j != term.end(); ++j)
	  const char c = *j;
	  if (c == '\"' || c == '\\')
	    out << '\\';
	  out << c;
      if (must_quote)
	out << '\"';

    // Render the option args into a string format such that it could be parsed back to
    // the equivalent option args.
    std::string escape(const bool csv) const
      std::ostringstream out;
      bool more = false;
      for (std::vector<std::string>::const_iterator i = data.begin(); i != data.end(); ++i)
	  const std::string& term = *i;
	  const bool must_quote = must_quote_string(term, csv);
	  if (more)
	    out << ' ';
	  escape_string(out, term, must_quote);
	  more = true;
      return out.str();

    // delegate to data
    size_t size() const { return data.size(); }
    bool empty() const { return data.empty(); }
    void push_back(const std::string& item) { data.push_back(item); }
    void push_back(std::string&& item) { data.push_back(std::move(item)); }
    void clear() { data.clear(); }
    void reserve(const size_t n) { data.reserve(n); }
    void resize(const size_t n) { data.resize(n); }

    // raw references to data
    const std::string& ref(const size_t i) const { return data[i]; }
    std::string& ref(const size_t i) { return data[i]; }

    // equality
    bool operator==(const Option& other) const { return data ==; }
    bool operator!=(const Option& other) const { return data !=; }

    // remove first n elements
    void remove_first(const size_t n_elements)
      const size_t n = std::min(data.size(), n_elements);
      if (n)
	data.erase(data.begin(), data.begin() + n);

    // indicate that this option was processed
    void touch() const
      // Note that we violate constness here, which is done
      // because the touched bit is considered to be option metadata.
      touched_ = true;

    // was this option processed?
    bool touched() const { return touched_; }

    // refer to the option when constructing an error message
    std::string err_ref() const
      std::string ret = "option";
      if (data.size())
	  ret += " '";
	  ret += printable_directive();
	  ret += '\'';
      return ret;

    void from_list(std::string arg)

    void from_list(const char *arg)

    template<typename T, typename... Args>
    void from_list(T first, Args... args)

    template <typename T>
    void range_error(const size_t idx, const T min_value, const T max_value) const
      OPENVPN_THROW(option_error, err_ref() << '[' << idx << "] must be in the range [" << min_value << ',' << max_value << ']');

    bool must_quote_string(const std::string& str, const bool csv) const
      for (const auto c : str)
	  if (string::is_space(c))
	    return true;
	  if (csv && c == ',')
	    return true;
      return false;

    volatile mutable bool touched_ = false;
    std::vector<std::string> data;

  class OptionList : public std::vector<Option>, public RCCopyable<thread_unsafe_refcount>
    typedef RCPtr<OptionList> Ptr;
    typedef std::vector<unsigned int> IndexList;
    typedef std::unordered_map<std::string, IndexList> IndexMap;
    typedef std::pair<std::string, IndexList> IndexPair;

    static bool is_comment(const char c)
      return c == '#' || c == ';';

    // standard lex filter that doesn't understand end-of-line comments
    typedef StandardLex Lex;

    // special lex filter that recognizes end-of-line comments
    class LexComment
      LexComment() : in_quote_(false), in_comment(false), backslash(false), ch(-1) {}

      void put(char c)
	if (in_comment)
	    ch = -1;
	else if (backslash)
	    ch = c;
	    backslash = false;
	else if (c == '\\')
	    backslash = true;
	    ch = -1;
	else if (c == '\"')
	    in_quote_ = !in_quote_;
	    ch = -1;
	else if (is_comment(c) && !in_quote_)
	    in_comment = true;
	    ch = -1;
	    ch = c;

      bool available() const { return ch != -1; }
      int get() const { return ch; }
      void reset() { ch = -1; }

      bool in_quote() const { return in_quote_; }

      bool in_quote_;
      bool in_comment;
      bool backslash;
      int ch;

    class Limits
      Limits(const std::string& error_message,
	     const std::uint64_t max_bytes_arg,
	     const size_t extra_bytes_per_opt_arg,
	     const size_t extra_bytes_per_term_arg,
	     const size_t max_line_len_arg,
	     const size_t max_directive_len_arg)
	: bytes(0),
	  err(error_message) {}

      void add_bytes(const size_t n)
	bytes += n;

      void add_string(const std::string& str)
	bytes += str.length();

      void add_term()
	bytes += extra_bytes_per_term;

      void add_opt()
	bytes += extra_bytes_per_opt;

      size_t get_max_line_len() const
	return max_line_len;

      std::uint64_t get_bytes() const
	return bytes;

      void validate_directive(const Option& opt)
	opt.validate_arg(0, max_directive_len);

      void check_overflow()
	if (bytes >= max_bytes)

      void error()
	throw option_error(err);

      std::uint64_t bytes;
      const std::uint64_t max_bytes;
      const size_t extra_bytes_per_opt;
      const size_t extra_bytes_per_term;
      const size_t max_line_len;
      const size_t max_directive_len;
      const std::string err;

    // Used by extend() to optionally control which options are copied.
    struct FilterBase : public RC<thread_unsafe_refcount>
      typedef RCPtr<FilterBase> Ptr;
      virtual bool filter(const Option& opt) = 0;

    class KeyValue : public RC<thread_unsafe_refcount>
      typedef RCPtr<KeyValue> Ptr;

      KeyValue() : key_priority(0) {}
      KeyValue(const std::string& key_arg, const std::string& value_arg, const int key_priority_arg=0)
	: key(key_arg), value(value_arg), key_priority(key_priority_arg) {}

      size_t combined_length() const
	return key.length() + value.length();

      Option convert_to_option(Limits* lim) const
	bool newline_present = false;
	Option opt;
	const std::string unesc_value = unescape(value, newline_present);
	if (newline_present || singular_arg(key))
	else if (unesc_value != "NOARGS")
	  Split::by_space_void<Option, Lex, SpaceMatch, Limits>(opt, unesc_value, lim);
	return opt;

      void split_priority()
	// look for usage such as: remote.7
	const size_t dp = key.find_last_of(".");
	if (dp != std::string::npos)
	    const size_t tp = dp + 1;
	    if (tp < key.length())
		const char *tail = key.c_str() + tp;
		try {
		  key_priority = parse_number_throw<int>(tail, "option priority");
		  key = key.substr(0, dp);
		catch (const number_parse_exception&)

      static bool compare(const Ptr& a, const Ptr& b)
	const int cmp = a->>key);
	if (cmp < 0)
	  return true;
	else if (cmp > 0)
	  return false;
	  return a->key_priority < b->key_priority;

      std::string key;
      std::string value;
      int key_priority;

      static std::string unescape(const std::string& value, bool& newline_present)
	std::string ret;

	bool bs = false;
	for (size_t i = 0; i < value.length(); ++i)
	    const char c = value[i];
	    if (bs)
		if (c == 'n')
		    ret += '\n';
		    newline_present = true;
		else if (c == '\\')
		  ret += '\\';
		    ret += '\\';
		    ret += c;
		bs = false;
		if (c == '\\')
		  bs = true;
		  ret += c;
	if (bs)
	  ret += '\\';
	return ret;

      static bool singular_arg(const std::string& key)
	bool upper = false;
	bool lower = false;
	for (size_t i = 0; i < key.length(); ++i)
	    const char c = key[i];
	    if (c >= 'a' && c <= 'z')
	      lower = true;
	    else if (c >= 'A' && c <= 'Z')
	      upper = true;
	return upper && !lower;

    struct KeyValueList : public std::vector<KeyValue::Ptr>
      void preprocess()

      void split_priority()
	for (iterator i = begin(); i != end(); ++i)
	    KeyValue& kv = **i;

      void sort()
	std::sort(begin(), end(), KeyValue::compare);


    template<typename T, typename... Args>
    explicit OptionList(T first, Args... args)
      reserve(1 + sizeof...(args));
      from_list(std::move(first), std::forward<Args>(args)...);

    static OptionList parse_from_csv_static(const std::string& str, Limits* lim)
      OptionList ret;
      ret.parse_from_csv(str, lim);
      return ret;

    static OptionList parse_from_csv_static_nomap(const std::string& str, Limits* lim)
      OptionList ret;
      ret.parse_from_csv(str, lim);
      return ret;

    static OptionList parse_from_config_static(const std::string& str, Limits* lim)
      OptionList ret;
      ret.parse_from_config(str, lim);
      return ret;

    static OptionList::Ptr parse_from_config_static_ptr(const std::string& str, Limits* lim)
      OptionList::Ptr ret = new OptionList();
      ret->parse_from_config(str, lim);
      return ret;

    static OptionList parse_from_argv_static(const std::vector<std::string>& argv)
      OptionList ret;
      return ret;

    void clear()

    // caller should call update_map() after this function
    void parse_from_csv(const std::string& str, Limits* lim)
      if (lim)
      std::vector<std::string> list = Split::by_char<std::vector<std::string>, Lex, Limits>(str, ',', 0, ~0, lim);
      for (std::vector<std::string>::const_iterator i = list.begin(); i != list.end(); ++i)
	  const Option opt = Split::by_space<Option, Lex, SpaceMatch, Limits>(*i, lim);
	  if (opt.size())
	      if (lim)

    // caller should call update_map() after this function
    void parse_from_argv(const std::vector<std::string>& argv)
      Option opt;
      for (auto &arg : argv)
	  std::string a = arg;
	  if (string::starts_with(a, "--"))
	      if (!opt.empty())
	      a = a.substr(2);
	  if (!a.empty())
      if (!opt.empty())

    // caller should call update_map() after this function
    void parse_from_peer_info(const std::string& str, Limits* lim)
      if (lim)
      SplitLines in(str, 0);
      while (in(true))
	  const std::string& line = in.line_ref();
	  Option opt;
	  Split::by_char_void<Option, NullLex, Limits>(opt, line, '=', 0, 1, lim);
	  if (opt.size())
	      if (lim)

    // caller may want to call list.preprocess() before this function
    // caller should call update_map() after this function
    void parse_from_key_value_list(const KeyValueList& list, Limits* lim)
      for (KeyValueList::const_iterator i = list.begin(); i != list.end(); ++i)
	  const KeyValue& kv = **i;
	  if (lim)
	  const Option opt = kv.convert_to_option(lim);
	  if (lim)

    static Option parse_option_from_line(const std::string& line, Limits* lim)
      return Split::by_space<Option, LexComment, SpaceMatch, Limits>(line, lim);

    // caller should call update_map() after this function
    void parse_from_config(const std::string& str, Limits* lim)
      if (lim)

      SplitLines in(str, lim ? lim->get_max_line_len() : 0);
      int line_num = 0;
      bool in_multiline = false;
      Option multiline;
      while (in(true))
	  if (in.line_overflow())
	  const std::string& line = in.line_ref();
	  if (in_multiline)
	      if (is_close_tag(line, multiline.ref(0)))
		  if (lim)
		  in_multiline = false;
		  std::string& mref = multiline.ref(1);
		  mref += line;
		  mref += '\n';
	  else if (!ignore_line(line))
	      Option opt = parse_option_from_line(line, lim);
	      if (opt.size())
		  if (is_open_tag(opt.ref(0)))
		      if (opt.size() > 1)
			extraneous_err(line_num, "option", opt);
		      multiline = opt;
		      in_multiline = true;
		      if (lim)
      if (in_multiline)
	not_closed_out_err("option", multiline);
    // caller should call update_map() after this function
    void parse_meta_from_config(const std::string& str, const std::string& tag, Limits* lim)
      SplitLines in(str, lim ? lim->get_max_line_len() : 0);
      int line_num = 0;
      bool in_multiline = false;
      Option multiline;
      const std::string prefix = tag + "_";
      while (in(true))
	  if (in.line_overflow())
	  std::string& line = in.line_ref();
	  if (string::starts_with(line, "# "))
	      line = std::string(line, 2);
	      if (in_multiline)
		  if (is_close_meta_tag(line, prefix, multiline.ref(0)))
		      if (lim)
		      in_multiline = false;
		      std::string& mref = multiline.ref(1);
		      mref += line;
		      mref += '\n';
	      else if (string::starts_with(line, prefix))
		  Option opt = Split::by_char<Option, NullLex, Limits>(std::string(line, prefix.length()), '=', 0, 1, lim);
		  if (opt.size())
		      if (is_open_meta_tag(opt.ref(0)))
			  if (opt.size() > 1)
			    extraneous_err(line_num, "meta option", opt);
			  multiline = opt;
			  in_multiline = true;
			  if (lim)
      if (in_multiline)
	not_closed_out_err("meta option", multiline);

    // Append elements in other to self,
    // caller should call update_map() after this function.
    void extend(const OptionList& other, FilterBase* filt)
      reserve(size() + other.size());
      for (std::vector<Option>::const_iterator i = other.begin(); i != other.end(); ++i)
	  const Option& opt = *i;
	  if (!filt || filt->filter(opt))

    // Append elements in other having given name to self,
    // caller should call update_map() after this function.
    // Return the number of elements processed.
    unsigned int extend(const OptionList& other, const std::string& name)
      IndexMap::const_iterator oi =;
      unsigned int count = 0;
      if (oi !=
	for (IndexList::const_iterator i = oi->second.begin(); i != oi->second.end(); ++i)
	    const Option& opt = other[*i];
      return count;

    // Append to self only those elements in other that do not exist
    // in self, caller should call update_map() after this function.
    // Caller should also consider calling update_map() before this function,
    // to ensure that lookups on this->map will see up-to-date data.
    void extend_nonexistent(const OptionList& other)
      for (std::vector<Option>::const_iterator i = other.begin(); i != other.end(); ++i)
	  const Option& opt = *i;
	  if (!opt.empty() && map().find(opt.ref(0)) == map().end())

    // Get the last instance of an option, or return nullptr if option
    // doesn't exist.
    const Option* get_ptr(const std::string& name) const
      IndexMap::const_iterator e = map_.find(name);
      if (e != map_.end())
	  const size_t size = e->second.size();
	  if (size)
	      const Option* ret = &((*this)[e->second[size-1]]);
	      return ret;
      return nullptr;

    // Get an option, return nullptr if option doesn't exist, or
    // throw an error if more than one instance exists.
    const Option* get_unique_ptr(const std::string& name) const
      IndexMap::const_iterator e = map_.find(name);
      if (e != map_.end() && !e->second.empty())
	  if (e->second.size() == 1)
	      const Option* ret = &((*this)[e->second[0]]);
	      return ret;
	    OPENVPN_THROW(option_error, "more than one instance of option '" << name << '\'');
	return nullptr;

    // Get an option, throw an error if more than one instance exists and the instances
    // are not exact duplicates of one other.
    const Option* get_consistent(const std::string& name) const
      IndexMap::const_iterator e = map_.find(name);
      if (e != map_.end() && !e->second.empty())
	  const Option *first = &((*this)[e->second[0]]);
	  if (e->second.size() >= 2)
	      for (size_t i = 1; i < e->second.size(); ++i)
		  const Option *other = &(*this)[e->second[i]];
		  if (*other != *first)
		    OPENVPN_THROW(option_error, "more than one instance of option '" << name << "' with inconsistent argument(s)");
	  return first;
	return nullptr;

    // Get option, throw error if not found
    // If multiple options of the same name exist, return
    // the last one.
    const Option& get(const std::string& name) const
      const Option* o = get_ptr(name);
      if (o)
	return *o;
	OPENVPN_THROW(option_error, "option '" << name << "' not found");

    // Get the list of options having the same name (by index),
    // throw an exception if option is not found.
    const IndexList& get_index(const std::string& name) const
      IndexMap::const_iterator e = map_.find(name);
      if (e != map_.end() && !e->second.empty())
	return e->second;
	OPENVPN_THROW(option_error, "option '" << name << "' not found");

    // Get the list of options having the same name (by index),
    // return nullptr is option is not found.
    const IndexList* get_index_ptr(const std::string& name) const
      IndexMap::const_iterator e = map_.find(name);
      if (e != map_.end() && !e->second.empty())
	return &e->second;
	return nullptr;

    // Concatenate all one-arg directives of a given name, in index order.
    std::string cat(const std::string& name) const
      std::string ret;
      const OptionList::IndexList* il = get_index_ptr(name);
      if (il)
	  size_t size = 0;
	  OptionList::IndexList::const_iterator i;
	  for (i = il->begin(); i != il->end(); ++i)
	      const Option& o = (*this)[*i];
	      if (o.size() == 2)
		size += o.ref(1).length() + 1;
		OPENVPN_THROW(option_error, "option '" << name << "' (" << o.size() << ") must have exactly one parameter");
	  for (i = il->begin(); i != il->end(); ++i)
	      const Option& o = (*this)[*i];
	      if (o.size() >= 2)
		  ret += o.ref(1);
		  string::add_trailing(ret, '\n');
      return ret;

    // Return true if option exists, but raise an exception if multiple
    // instances of the option exist.
    bool exists_unique(const std::string& name) const
      return get_unique_ptr(name) != nullptr;

    // Return true if one or more instances of a given option exist.
    bool exists(const std::string& name) const
      return get_ptr(name) != nullptr;

    // Convenience method that gets a particular argument index within an option,
    // while raising an exception if option doesn't exist or if argument index
    // is out-of-bounds.
    const std::string& get(const std::string& name, size_t index, const size_t max_len) const
      const Option& o = get(name);
      return o.get(index, max_len);

    // Convenience method that gets a particular argument index within an option,
    // while returning the empty string if option doesn't exist, and raising an
    // exception if argument index is out-of-bounds.
    std::string get_optional(const std::string& name, size_t index, const size_t max_len) const
      const Option* o = get_ptr(name);
      if (o)
	return o->get(index, max_len);
	return "";

    // Like get_optional(), but return "" if argument index is out-of-bounds.
    std::string get_optional_relaxed(const std::string& name, size_t index, const size_t max_len) const
      const Option* o = get_ptr(name);
      if (o)
	return o->get_optional(index, max_len);
	return "";

    // Like get_optional(), but return "" if exception is thrown.
    std::string get_optional_noexcept(const std::string& name, size_t index, const size_t max_len) const
      try {
	return get_optional(name, index, max_len);
      catch (const std::exception&)
	  return "";

    // Return raw C string to option data or nullptr if option doesn't exist.
    const char *get_c_str(const std::string& name, size_t index, const size_t max_len) const
      const Option* o = get_ptr(name);
      if (o)
	return o->get(index, max_len).c_str();
	return nullptr;

    // Convenience method that gets a particular argument index within an option,
    // while returning a default string if option doesn't exist, and raising an
    // exception if argument index is out-of-bounds.
    std::string get_default(const std::string& name,
			    size_t index,
			    const size_t max_len,
			    const std::string& default_value) const
      const Option* o = get_ptr(name);
      if (o)
	return o->get(index, max_len);
	return default_value;

    // Like get_default(), but return default_value if argument index is out-of-bounds.
    std::string get_default_relaxed(const std::string& name,
				    size_t index,
				    const size_t max_len,
				    const std::string& default_value) const
      const Option* o = get_ptr(name);
      if (o)
	  const std::string* s = o->get_ptr(index, max_len);
	  if (s)
	    return *s;
      return default_value;

    template <typename T>
    T get_num(const std::string& name, const size_t idx, const T default_value) const
      typedef typename std::remove_const<T>::type T_nonconst;
      T_nonconst n = default_value;
      const Option* o = get_ptr(name);
      if (o)
	n = o->get_num<T>(idx, default_value);
      return n;

    template <typename T>
    T get_num(const std::string& name, const size_t idx, const T default_value,
	      const T min_value, const T max_value) const
      typedef typename std::remove_const<T>::type T_nonconst;
      T_nonconst n = default_value;
      const Option* o = get_ptr(name);
      if (o)
	n = o->get_num<T>(idx, default_value, min_value, max_value);
      return n;

    template <typename T>
    T get_num(const std::string& name, const size_t idx, const T min_value, const T max_value) const
      const Option& o = get(name);
      return o.get_num<T>(idx, min_value, max_value);

    template <typename T>
    T get_num(const std::string& name, const size_t idx) const
      const Option& o = get(name);
      return o.get_num<T>(idx);

    // Touch an option, if it exists.
    void touch(const std::string& name) const
      const Option* o = get_ptr(name);
      if (o)

    // Render object as a string.
    // flags should be given as Option::render_flags.
    std::string render(const unsigned int flags) const
      std::ostringstream out;
      for (size_t i = 0; i < size(); ++i)
	  const Option& o = (*this)[i];
	  if (!(flags & Option::RENDER_UNUSED) || !o.touched())
	      if (flags & Option::RENDER_NUMBER)
		out << i << ' ';
	      out << o.render(flags) << std::endl;
      return out.str();

    std::string render_csv() const
      std::string ret;
      bool first = true;
      for (auto &e : *this)
	  if (!first)
	    ret += ',';
	  ret += e.escape(true);
	  first = false;
      return ret;

    // Render contents of hash map used to locate options after underlying option list
    // has been modified.
    std::string render_map() const
      std::ostringstream out;
      for (IndexMap::const_iterator i = map_.begin(); i != map_.end(); ++i)
	  out << i->first << " [";
	  for (IndexList::const_iterator j = i->second.begin(); j != i->second.end(); ++j)
	    out << ' ' << *j;
	  out << " ]" << std::endl;
      return out.str();

    // Return number of unused options based on the notion that
    // all used options have been touched.
    size_t n_unused() const
      size_t n = 0;
      for (std::vector<Option>::const_iterator i = begin(); i != end(); ++i)
	  const Option& opt = *i;
	  if (!opt.touched())
      return n;

    void show_unused_options(const char *title=nullptr) const
      // show unused options
      if (n_unused())
	  if (!title)
	    title = "NOTE: Unused Options";
	  OPENVPN_LOG_NTNL(title << std::endl << render(Option::RENDER_TRUNC_64|Option::RENDER_NUMBER|Option::RENDER_BRACKET|Option::RENDER_UNUSED));

    // Add item to underlying option list while updating map as well.
    void add_item(const Option& opt) 
      if (!opt.empty())
	  const size_t i = size();
	  map_[opt.ref(0)].push_back((unsigned int)i);

    // Return hash map used to locate options.
    const IndexMap& map() const { return map_; }

    // Rebuild hash map used to locate options after underlying option list
    // has been modified.
    void update_map()
      for (size_t i = 0; i < size(); ++i)
	  const Option& opt = (*this)[i];
	  if (!opt.empty())
	    map_[opt.ref(0)].push_back((unsigned int)i);

    // return true if line is blank or a comment
    static bool ignore_line(const std::string& line)
      for (std::string::const_iterator i = line.begin(); i != line.end(); ++i)
	  const char c = *i;
	  if (!SpaceMatch::is_space(c))
	    return is_comment(c);
      return true;

    // multiline tagging

    // return true if string is a tag, e.g. "<ca>"
    static bool is_open_tag(const std::string& str)
      const size_t n = str.length();
      return n >= 3 && str[0] == '<' && str[1] != '/' && str[n-1] == '>';

    // return true if string is a close tag, e.g. "</ca>"
    static bool is_close_tag(const std::string& str, const std::string& tag)
      const size_t n = str.length();
      return n >= 4 && str[0] == '<' && str[1] == '/' && str.substr(2, n-3) == tag && str[n-1] == '>';

    // remove <> chars from open tag
    static void untag_open_tag(std::string& str)
      const size_t n = str.length();
      if (n >= 3)
	str = str.substr(1, n-2);

    // detect multiline breakout attempt (return true)
    static bool detect_multiline_breakout_nothrow(const std::string& opt, const std::string& tag)
      std::string line;
      for (auto &c : opt)
	  if (c == '\n' || c == '\r')
	      line += c;
	      if (tag.empty())
		  if (line.length() >= 2
		      && line[0] == '<'
		      && line[1] == '/')
		    return true;
	      else if (is_close_tag(line, tag))
		return true;
      return false;

    // detect multiline breakout attempt
    static void detect_multiline_breakout(const std::string& opt, const std::string& tag)
      if (detect_multiline_breakout_nothrow(opt, tag))
	throw option_error("multiline breakout detected");

    // multiline tagging (meta)

    // return true if string is a meta tag, e.g. WEB_CA_BUNDLE_START
    static bool is_open_meta_tag(const std::string& str)
      return string::ends_with(str, "_START");

    // return true if string is a tag, e.g. WEB_CA_BUNDLE_STOP
    static bool is_close_meta_tag(const std::string& str, const std::string& prefix, const std::string& tag)
      return prefix + tag + "_STOP" == str;

    // remove trailing "_START" from open tag
    static void untag_open_meta_tag(std::string& str)
      const size_t n = str.length();
      if (n >= 6)
	str = std::string(str, 0, n - 6);

    static void extraneous_err(const int line_num, const char *type, const Option& opt)
      OPENVPN_THROW(option_error, "line " << line_num << ": " << type << " <" << opt.printable_directive() << "> is followed by extraneous text");

    static void not_closed_out_err(const char *type, const Option& opt)
      OPENVPN_THROW(option_error, type << " <" << opt.printable_directive() << "> was not properly closed out");

    static void line_too_long(const int line_num)
      OPENVPN_THROW(option_error, "line " << line_num << " is too long");

    void from_list(Option opt)

    template<typename T, typename... Args>
    void from_list(T first, Args... args)

    IndexMap map_;

} // namespace openvpn