path: root/main/strongswan/0005-vici-Optionally-check-limits-when-initiating-connect.patch
blob: 2ff236b06ce5385b31e3d5523f284680cd5cf0f7 (plain)
From 364a0b4922fb1dbbc584b341e945bf1b91d1d689 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 16 Jul 2015 17:56:16 +0200
Subject: [PATCH] vici: Optionally check limits when initiating connections

If the init-limits parameter is set (disabled by default) init limits
will be checked and might prevent new SAs from getting initiated.
---
 src/libcharon/plugins/vici/README.md      | 1 +
 src/libcharon/plugins/vici/vici_control.c | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 0ce4271..71356fb 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -259,6 +259,7 @@ Initiates an SA while streaming _control-log_ events.
 	{
 		child = <CHILD_SA configuration name to initiate>
 		timeout = <timeout in seconds before returning>
+		init-limits = <whether limits may prevent initiating the CHILD_SA>
 		loglevel = <loglevel to issue "control-log" events for>
 	} => {
 		success = <yes or no>
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index e568239..88574f8 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -163,6 +163,7 @@ CALLBACK(initiate, vici_message_t*,
 	peer_cfg_t *peer_cfg;
 	char *child;
 	u_int timeout;
+	bool limits;
 	log_info_t log = {
 		.dispatcher = this->dispatcher,
 		.id = id,
@@ -170,6 +171,7 @@ CALLBACK(initiate, vici_message_t*,
 
 	child = request->get_str(request, NULL, "child");
 	timeout = request->get_int(request, 0, "timeout");
+	limits = request->get_bool(request, FALSE, "init-limits");
 	log.level = request->get_int(request, 1, "loglevel");
 
 	if (!child)
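Review bot: The limit check is opt-in per request: `request->get_bool(request, FALSE, "init-limits")` falls back to FALSE, so a vici client that omits the key still reaches `initiate()` with limits skipped, exactly as before this change. That keeps existing clients working, but it also means the limits only bind callers that ask for them and should not be relied on to throttle every client of the vici socket. A comment at this line would make that explicit, e.g. `/* limits are only checked if the client requests it, off by default */`, and the README entry added in this commit could state the default as well. The enclosing initiate callback starts and ends outside this hunk.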
@@ -185,13 +187,16 @@ CALLBACK(initiate, vici_message_t*,
 		return send_reply(this, "CHILD_SA config '%s' not found", child);
 	}
 	switch (charon->controller->initiate(charon->controller, peer_cfg,
-					child_cfg, (controller_cb_t)log_vici, &log, timeout, FALSE))
+				child_cfg, (controller_cb_t)log_vici, &log, timeout, limits))
 	{
 		case SUCCESS:
 			return send_reply(this, NULL);
 		case OUT_OF_RES:
 			return send_reply(this, "CHILD_SA '%s' not established after %dms",
 							  child, timeout);
+		case INVALID_STATE:
+			return send_reply(this, "establishing CHILD_SA '%s' not possible "
+							  "at the moment due to limits", child);
 		case FAILED:
 		default:
 			return send_reply(this, "establishing CHILD_SA '%s' failed", child);
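Review bot: The new `case INVALID_STATE:` always blames limits in the reply, but whether `controller->initiate()` can return INVALID_STATE for another reason, or while `limits` is FALSE, is not visible in this hunk; if it can, the message would mislead the client. If the status really is limits-only, a short comment such as `/* only returned if limits were checked */` would record that assumption next to the case. On the unchanged OUT_OF_RES line, `timeout` is declared `u_int` but formatted with `%d`; `%u` would match the type. The switch sits inside the initiate callback, which continues outside the hunk.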
-- 
2.4.5