Only load kernel plugins in starter when flushing SAD/SPD entries

This avoids keeping the kernel sockets open when they are not actually
needed, which could lead to resource problems (in particular with PF_KEY
where all open sockets receive all messages).

Fixes #217.

2 files changed, 8 insertions, 9 deletions

diff --git a/src/starter/netkey.c b/src/starter/netkey.c
index c4784c533..25f68e505 100644
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@@ -58,6 +58,13 @@ bool starter_netkey_init(void)
 
 void starter_netkey_cleanup(void)
 {
+	if (!lib->plugins->load(lib->plugins, NULL,
+			lib->settings->get_str(lib->settings, "starter.load", PLUGINS)))
+	{
+		DBG1(DBG_APP, "unable to load kernel plugins");
+		return;
+	}
 	hydra->kernel_interface->flush_sas(hydra->kernel_interface);
 	hydra->kernel_interface->flush_policies(hydra->kernel_interface);
+	lib->plugins->unload(lib->plugins);
 }
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 7bd321a3d..e867b7a59 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -19,7 +19,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <signal.h>
- #include <syslog.h>
+#include <syslog.h>
 #include <unistd.h>
 #include <sys/time.h>
 #include <time.h>
@@ -525,13 +525,6 @@ int main (int argc, char **argv)
 		}
 	}
 
-	/* load plugins */
-	if (!lib->plugins->load(lib->plugins, NULL,
-			lib->settings->get_str(lib->settings, "starter.load", PLUGINS)))
-	{
-		exit(LSB_RC_FAILURE);
-	}
-
 	/* we handle these signals only in pselect() */
 	memset(&action, 0, sizeof(action));
 	sigemptyset(&action.sa_mask);
@@ -580,7 +573,6 @@ int main (int argc, char **argv)
 			confread_free(cfg);
 			unlink(STARTER_PID_FILE);
 			DBG1(DBG_APP, "ipsec starter stopped");
-			lib->plugins->unload(lib->plugins);
 			close_log();
 			exit(LSB_RC_SUCCESS);
 		}