diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2015-07-16 17:56:16 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2015-08-21 18:21:13 +0200 |
| commit | 256e666d2235718a3711cf7ad9634354c10f7a7e (patch) | |
| tree | cc5798460efe4618077e8b17694ed6340071b6d4 /src | |
| parent | b9d7319fb349d7be6ae499781d0f75613101a9ef (diff) | |
| download | strongswan-256e666d2235718a3711cf7ad9634354c10f7a7e.tar.bz2 strongswan-256e666d2235718a3711cf7ad9634354c10f7a7e.tar.xz | |
vici: Optionally check limits when initiating connections
If the init-limits parameter is set (disabled by default) init limits
will be checked and might prevent new SAs from getting initiated.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/vici/README.md | 1 | ||||
| -rw-r--r-- | src/libcharon/plugins/vici/vici_control.c | 7 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 1273bb8fc..e20e8ab26 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -259,6 +259,7 @@ Initiates an SA while streaming _control-log_ events. { child = <CHILD_SA configuration name to initiate> timeout = <timeout in seconds before returning> + init-limits = <whether limits may prevent initiating the CHILD_SA> loglevel = <loglevel to issue "control-log" events for> } => { success = <yes or no> diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index 158e3d139..752007c24 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -163,6 +163,7 @@ CALLBACK(initiate, vici_message_t*, peer_cfg_t *peer_cfg; char *child; u_int timeout; + bool limits; log_info_t log = { .dispatcher = this->dispatcher, .id = id, @@ -170,6 +171,7 @@ CALLBACK(initiate, vici_message_t*, child = request->get_str(request, NULL, "child"); timeout = request->get_int(request, 0, "timeout"); + limits = request->get_bool(request, FALSE, "init-limits"); log.level = request->get_int(request, 1, "loglevel"); if (!child) @@ -185,13 +187,16 @@ CALLBACK(initiate, vici_message_t*, return send_reply(this, "CHILD_SA config '%s' not found", child); } switch (charon->controller->initiate(charon->controller, peer_cfg, - child_cfg, (controller_cb_t)log_vici, &log, timeout, FALSE)) + child_cfg, (controller_cb_t)log_vici, &log, timeout, limits)) { case SUCCESS: return send_reply(this, NULL); case OUT_OF_RES: return send_reply(this, "CHILD_SA '%s' not established after %dms", child, timeout); + case INVALID_STATE: + return send_reply(this, "establishing CHILD_SA '%s' not possible " + "at the moment due to limits", child); case FAILED: default: return send_reply(this, "establishing CHILD_SA '%s' failed", child); |