diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2011-10-21 14:14:36 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2011-10-21 14:24:34 +0200 |
| commit | adab84533ea2d1b8ab6573203c2a936b24811d84 (patch) | |
| tree | f8653f38f601dd5d32b86caa2613984e30452ae9 /src | |
| parent | f3a682c1ffc86ca5acaf02920ea60d5335590735 (diff) | |
| download | strongswan-adab84533ea2d1b8ab6573203c2a936b24811d84.tar.bz2 strongswan-adab84533ea2d1b8ab6573203c2a936b24811d84.tar.xz | |
starter: Use kernel interfaces to flush SAD and SPD.
This now supports platforms where neither 'ip xfrm' nor 'setkey' are
available (like Android).
Diffstat (limited to 'src')
| -rw-r--r-- | src/starter/Makefile.am | 2 | ||||
| -rw-r--r-- | src/starter/netkey.c | 17 | ||||
| -rw-r--r-- | src/starter/starter.c | 4 |
3 files changed, 8 insertions, 15 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index c51289832..ba97c060f 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -27,7 +27,7 @@ AM_CFLAGS = \ AM_YFLAGS = -v -d -starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) +starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libhydra/libhydra.la $(SOCKLIB) EXTRA_DIST = keywords.txt ipsec.conf MAINTAINERCLEANFILES = keywords.c BUILT_SOURCES = parser.h diff --git a/src/starter/netkey.c b/src/starter/netkey.c index e0449f0b2..6646195cb 100644 --- a/src/starter/netkey.c +++ b/src/starter/netkey.c @@ -17,6 +17,7 @@ #include <stdlib.h> #include <freeswan.h> +#include <hydra.h> #include "../pluto/constants.h" #include "../pluto/defs.h" @@ -66,18 +67,6 @@ starter_netkey_init(void) void starter_netkey_cleanup(void) { - if (system("ip xfrm state > /dev/null 2>&1") == 0) - { - ignore_result(system("ip xfrm state flush")); - ignore_result(system("ip xfrm policy flush")); - } - else if (system("type setkey > /dev/null 2>&1") == 0) - { - ignore_result(system("setkey -F")); - ignore_result(system("setkey -FP")); - } - else - { - plog("WARNING: cannot flush IPsec state/policy database"); - } + hydra->kernel_interface->flush_sas(hydra->kernel_interface); + hydra->kernel_interface->flush_policies(hydra->kernel_interface); } diff --git a/src/starter/starter.c b/src/starter/starter.c index db3ca43c8..44e21431c 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -29,6 +29,7 @@ #include <freeswan.h> #include <library.h> +#include <hydra.h> #include "../pluto/constants.h" #include "../pluto/defs.h" @@ -281,6 +282,9 @@ int main (int argc, char **argv) library_init(NULL); atexit(library_deinit); + libhydra_init("starter"); + atexit(libhydra_deinit); + /* parse command line */ for (i = 1; i < argc; i++) { |