diff options
Diffstat (limited to 'main/strongswan/0204-vici-Optionally-check-limits-when-initiating-connect.patch')
| -rw-r--r-- | main/strongswan/0204-vici-Optionally-check-limits-when-initiating-connect.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/main/strongswan/0204-vici-Optionally-check-limits-when-initiating-connect.patch b/main/strongswan/0204-vici-Optionally-check-limits-when-initiating-connect.patch new file mode 100644 index 0000000000..f904af30be --- /dev/null +++ b/main/strongswan/0204-vici-Optionally-check-limits-when-initiating-connect.patch @@ -0,0 +1,65 @@ +From 2d4671feca3d2d17bfa2d846cc170478f18a8fcc Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Thu, 16 Jul 2015 17:56:16 +0200 +Subject: [PATCH] vici: Optionally check limits when initiating connections + +If the init-limits parameter is set (disabled by default) init limits +will be checked and might prevent new SAs from getting initiated. +--- + src/libcharon/plugins/vici/README.md | 1 + + src/libcharon/plugins/vici/vici_control.c | 7 ++++++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md +index 0ce4271..71356fb 100644 +--- a/src/libcharon/plugins/vici/README.md ++++ b/src/libcharon/plugins/vici/README.md +@@ -259,6 +259,7 @@ Initiates an SA while streaming _control-log_ events. + { + child = <CHILD_SA configuration name to initiate> + timeout = <timeout in seconds before returning> ++ init-limits = <whether limits may prevent initiating the CHILD_SA> + loglevel = <loglevel to issue "control-log" events for> + } => { + success = <yes or no> +diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c +index e568239..88574f8 100644 +--- a/src/libcharon/plugins/vici/vici_control.c ++++ b/src/libcharon/plugins/vici/vici_control.c +@@ -163,6 +163,7 @@ CALLBACK(initiate, vici_message_t*, + peer_cfg_t *peer_cfg; + char *child; + u_int timeout; ++ bool limits; + log_info_t log = { + .dispatcher = this->dispatcher, + .id = id, +@@ -170,6 +171,7 @@ CALLBACK(initiate, vici_message_t*, + + child = request->get_str(request, NULL, "child"); + timeout = request->get_int(request, 0, "timeout"); ++ limits = request->get_bool(request, FALSE, "init-limits"); + log.level = request->get_int(request, 1, "loglevel"); + + if (!child) +@@ -185,13 +187,16 @@ CALLBACK(initiate, vici_message_t*, + return send_reply(this, "CHILD_SA config '%s' not found", child); + } + switch (charon->controller->initiate(charon->controller, peer_cfg, +- child_cfg, (controller_cb_t)log_vici, &log, timeout, FALSE)) ++ child_cfg, (controller_cb_t)log_vici, &log, timeout, limits)) + { + case SUCCESS: + return send_reply(this, NULL); + case OUT_OF_RES: + return send_reply(this, "CHILD_SA '%s' not established after %dms", + child, timeout); ++ case INVALID_STATE: ++ return send_reply(this, "establishing CHILD_SA '%s' not possible " ++ "at the moment due to limits", child); + case FAILED: + default: + return send_reply(this, "establishing CHILD_SA '%s' failed", child); +-- +2.4.6 + |