vici: Optionally check limits when initiating connections

If the init-limits parameter is set (disabled by default) init limits
will be checked and might prevent new SAs from getting initiated.
Tobias Brunner 2015-07-16 17:56:16 +02:00
parent b9d7319fb3
commit 256e666d22
2 changed files with 7 additions and 1 deletions


@ -259,6 +259,7 @@ Initiates an SA while streaming _control-log_ events.
{
child = <CHILD_SA configuration name to initiate>
timeout = <timeout in seconds before returning>
init-limits = <whether limits may prevent initiating the CHILD_SA>
loglevel = <loglevel to issue "control-log" events for>
} => {
success = <yes or no>


@ -163,6 +163,7 @@ CALLBACK(initiate, vici_message_t*,
peer_cfg_t *peer_cfg;
char *child;
u_int timeout;
bool limits;
log_info_t log = {
.dispatcher = this->dispatcher,
.id = id,
@ -170,6 +171,7 @@ CALLBACK(initiate, vici_message_t*,
child = request->get_str(request, NULL, "child");
timeout = request->get_int(request, 0, "timeout");
limits = request->get_bool(request, FALSE, "init-limits");
log.level = request->get_int(request, 1, "loglevel");
if (!child)
@ -185,13 +187,16 @@ CALLBACK(initiate, vici_message_t*,
return send_reply(this, "CHILD_SA config '%s' not found", child);
}
switch (charon->controller->initiate(charon->controller, peer_cfg,
child_cfg, (controller_cb_t)log_vici, &log, timeout, FALSE))
child_cfg, (controller_cb_t)log_vici, &log, timeout, limits))
{
case SUCCESS:
return send_reply(this, NULL);
case OUT_OF_RES:
return send_reply(this, "CHILD_SA '%s' not established after %dms",
child, timeout);
case INVALID_STATE:
return send_reply(this, "establishing CHILD_SA '%s' not possible "
"at the moment due to limits", child);
case FAILED:
default:
return send_reply(this, "establishing CHILD_SA '%s' failed", child);
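Review bot: The `limits = request->get_bool(request, FALSE, "init-limits");` line makes the limit check opt-in, so any vici client that omits the key still initiates SAs without the daemon's init limits applying (presumably the strongswan.conf `init_limit_half_open` / `init_limit_job_load` settings). Nothing at that line records that this is deliberate. I would add a comment there such as `/* opt-in: existing clients keep initiating unconditionally; only callers that send init-limits are subject to load limits */`, so that a later change of the default is a conscious decision. The new `case INVALID_STATE:` reply also attributes the failure to limits unconditionally. If `controller->initiate()` can return INVALID_STATE for another reason (not visible in these hunks), the message would mislead an operator, so a one-line comment stating that this code is only expected when `limits` is TRUE would help. The body of `initiate` starts and ends outside the visible hunks.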