vici: Optionally check limits when initiating connections
authorTobias Brunner <tobias@strongswan.org>
Thu, 16 Jul 2015 15:56:16 +0000 (17:56 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 21 Aug 2015 16:21:13 +0000 (18:21 +0200)
If the init-limits parameter is set (disabled by default) init limits
will be checked and might prevent new SAs from getting initiated.

src/libcharon/plugins/vici/README.md
src/libcharon/plugins/vici/vici_control.c

index 1273bb8..e20e8ab 100644 (file)
@@ -259,6 +259,7 @@ Initiates an SA while streaming _control-log_ events.
        {
                child = <CHILD_SA configuration name to initiate>
                timeout = <timeout in seconds before returning>
+               init-limits = <whether limits may prevent initiating the CHILD_SA>
                loglevel = <loglevel to issue "control-log" events for>
        } => {
                success = <yes or no>
index 158e3d1..752007c 100644 (file)
@@ -163,6 +163,7 @@ CALLBACK(initiate, vici_message_t*,
        peer_cfg_t *peer_cfg;
        char *child;
        u_int timeout;
+       bool limits;
        log_info_t log = {
                .dispatcher = this->dispatcher,
                .id = id,
@@ -170,6 +171,7 @@ CALLBACK(initiate, vici_message_t*,
 
        child = request->get_str(request, NULL, "child");
        timeout = request->get_int(request, 0, "timeout");
+       limits = request->get_bool(request, FALSE, "init-limits");
        log.level = request->get_int(request, 1, "loglevel");
 
        if (!child)
@@ -185,13 +187,16 @@ CALLBACK(initiate, vici_message_t*,
                return send_reply(this, "CHILD_SA config '%s' not found", child);
        }
        switch (charon->controller->initiate(charon->controller, peer_cfg,
-                                       child_cfg, (controller_cb_t)log_vici, &log, timeout, FALSE))
+                               child_cfg, (controller_cb_t)log_vici, &log, timeout, limits))
        {
                case SUCCESS:
                        return send_reply(this, NULL);
                case OUT_OF_RES:
                        return send_reply(this, "CHILD_SA '%s' not established after %dms",
                                                          child, timeout);
+               case INVALID_STATE:
+                       return send_reply(this, "establishing CHILD_SA '%s' not possible "
+                                                         "at the moment due to limits", child);
                case FAILED:
                default:
                        return send_reply(this, "establishing CHILD_SA '%s' failed", child);