starter: Use kernel interfaces to flush SAD and SPD.

This now supports platforms where neither 'ip xfrm' nor 'setkey' are available (like Android).
author: Tobias Brunner <tobias@strongswan.org> 2011-10-21 14:14:36 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2011-10-21 14:24:34 +0200
commit: adab84533ea2d1b8ab6573203c2a936b24811d84 (patch)
tree: f8653f38f601dd5d32b86caa2613984e30452ae9 /src/starter/netkey.c
parent: f3a682c1ffc86ca5acaf02920ea60d5335590735 (diff)
download: strongswan-adab84533ea2d1b8ab6573203c2a936b24811d84.tar.bz2
strongswan-adab84533ea2d1b8ab6573203c2a936b24811d84.tar.xz
1 files changed, 3 insertions, 14 deletions
diff --git a/src/starter/netkey.c b/src/starter/netkey.c
index e0449f0b2..6646195cb 100644
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@@ -17,6 +17,7 @@
 #include <stdlib.h>
 
 #include <freeswan.h>
+#include <hydra.h>
 
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
@@ -66,18 +67,6 @@ starter_netkey_init(void)
 void
 starter_netkey_cleanup(void)
 {
-	if (system("ip xfrm state > /dev/null 2>&1") == 0)
-	{
-		ignore_result(system("ip xfrm state flush"));
-		ignore_result(system("ip xfrm policy flush"));
-	}
-	else if (system("type setkey > /dev/null 2>&1") == 0)
-	{
-		ignore_result(system("setkey -F"));
-		ignore_result(system("setkey -FP"));
-	}
-	else
-	{
-		plog("WARNING: cannot flush IPsec state/policy database");
-	}
+	hydra->kernel_interface->flush_sas(hydra->kernel_interface);
+	hydra->kernel_interface->flush_policies(hydra->kernel_interface);
 }
author	Tobias Brunner <tobias@strongswan.org>	2011-10-21 14:14:36 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2011-10-21 14:24:34 +0200
commit	adab84533ea2d1b8ab6573203c2a936b24811d84 (patch)
tree	f8653f38f601dd5d32b86caa2613984e30452ae9 /src/starter/netkey.c
parent	f3a682c1ffc86ca5acaf02920ea60d5335590735 (diff)
download	strongswan-adab84533ea2d1b8ab6573203c2a936b24811d84.tar.bz2 strongswan-adab84533ea2d1b8ab6573203c2a936b24811d84.tar.xz