vici: Optionally check limits when initiating connections
If the init-limits parameter is set (disabled by default), init limits are checked and might prevent new SAs from being initiated.
parent
b9d7319fb3
commit
256e666d22
|
@ -259,6 +259,7 @@ Initiates an SA while streaming _control-log_ events.
|
||||||
{
|
{
|
||||||
child = <CHILD_SA configuration name to initiate>
|
child = <CHILD_SA configuration name to initiate>
|
||||||
timeout = <timeout in seconds before returning>
|
timeout = <timeout in seconds before returning>
|
||||||
|
init-limits = <whether limits may prevent initiating the CHILD_SA>
|
||||||
loglevel = <loglevel to issue "control-log" events for>
|
loglevel = <loglevel to issue "control-log" events for>
|
||||||
} => {
|
} => {
|
||||||
success = <yes or no>
|
success = <yes or no>
|
||||||
|
|
|
@ -163,6 +163,7 @@ CALLBACK(initiate, vici_message_t*,
|
||||||
peer_cfg_t *peer_cfg;
|
peer_cfg_t *peer_cfg;
|
||||||
char *child;
|
char *child;
|
||||||
u_int timeout;
|
u_int timeout;
|
||||||
|
bool limits;
|
||||||
log_info_t log = {
|
log_info_t log = {
|
||||||
.dispatcher = this->dispatcher,
|
.dispatcher = this->dispatcher,
|
||||||
.id = id,
|
.id = id,
|
||||||
|
@ -170,6 +171,7 @@ CALLBACK(initiate, vici_message_t*,
|
||||||
|
|
||||||
child = request->get_str(request, NULL, "child");
|
child = request->get_str(request, NULL, "child");
|
||||||
timeout = request->get_int(request, 0, "timeout");
|
timeout = request->get_int(request, 0, "timeout");
|
||||||
|
limits = request->get_bool(request, FALSE, "init-limits");
|
||||||
log.level = request->get_int(request, 1, "loglevel");
|
log.level = request->get_int(request, 1, "loglevel");
|
||||||
|
|
||||||
if (!child)
|
if (!child)
|
||||||
|
@ -185,13 +187,16 @@ CALLBACK(initiate, vici_message_t*,
|
||||||
return send_reply(this, "CHILD_SA config '%s' not found", child);
|
return send_reply(this, "CHILD_SA config '%s' not found", child);
|
||||||
}
|
}
|
||||||
switch (charon->controller->initiate(charon->controller, peer_cfg,
|
switch (charon->controller->initiate(charon->controller, peer_cfg,
|
||||||
child_cfg, (controller_cb_t)log_vici, &log, timeout, FALSE))
|
child_cfg, (controller_cb_t)log_vici, &log, timeout, limits))
|
||||||
{
|
{
|
||||||
case SUCCESS:
|
case SUCCESS:
|
||||||
return send_reply(this, NULL);
|
return send_reply(this, NULL);
|
||||||
case OUT_OF_RES:
|
case OUT_OF_RES:
|
||||||
return send_reply(this, "CHILD_SA '%s' not established after %dms",
|
return send_reply(this, "CHILD_SA '%s' not established after %dms",
|
||||||
child, timeout);
|
child, timeout);
|
||||||
|
case INVALID_STATE:
|
||||||
|
return send_reply(this, "establishing CHILD_SA '%s' not possible "
|
||||||
|
"at the moment due to limits", child);
|
||||||
case FAILED:
|
case FAILED:
|
||||||
default:
|
default:
|
||||||
return send_reply(this, "establishing CHILD_SA '%s' failed", child);
|
return send_reply(this, "establishing CHILD_SA '%s' failed", child);
|
||||||
|
|
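Review bot: The `limits` flag read by `request->get_bool(request, FALSE, "init-limits")` defaults to FALSE, so a client that omits the key is still initiated with no limit check. That keeps the old behaviour, but the limits protect nothing unless every vici client opts in, so the line deserves a comment such as `/* opt-in: without init-limits the request bypasses the init limits */`. How get_bool treats an unparsable value is not visible here; if it falls back to the default, a mistyped value would also skip the check silently. The new `case INVALID_STATE:` reply blames limits unconditionally, which is accurate only if controller->initiate() returns INVALID_STATE for no other reason, so confirm that or word the message more neutrally. The body of the initiate callback starts and ends outside these hunks.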