3 files changed, 28 insertions, 5 deletions

diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 77a41b412..1f2448376 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -169,6 +169,10 @@ static void destroy(private_daemon_t *this)
 		this->public.processor->set_threads(this->public.processor, 0);
 	}
 	/* close all IKE_SAs */
+	if (this->public.ike_sa_manager)
+	{
+		this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
+	}
 	DESTROY_IF(this->public.plugins);
 	DESTROY_IF(this->public.ike_sa_manager);
 	DESTROY_IF(this->public.kernel_interface);
diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c
index 095a54d12..5c84cf07d 100644
--- a/src/charon/sa/ike_sa_manager.c
+++ b/src/charon/sa/ike_sa_manager.c
@@ -898,9 +898,9 @@ static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip)
 }
 
 /**
- * Implementation of ike_sa_manager_t.destroy.
+ * Implementation of ike_sa_manager_t.flush.
  */
-static void destroy(private_ike_sa_manager_t *this)
+static void flush(private_ike_sa_manager_t *this)
 {
 	/* destroy all list entries */
 	enumerator_t *enumerator;
@@ -943,9 +943,20 @@ static void destroy(private_ike_sa_manager_t *this)
 	
 	DBG2(DBG_MGR, "destroy all entries");
 	/* Step 4: destroy all entries */
-	this->ike_sa_list->destroy_function(this->ike_sa_list, (void*)entry_destroy);
+	while (this->ike_sa_list->remove_last(this->ike_sa_list,
+										  (void**)&entry) == SUCCESS)
+	{
+		entry_destroy(entry);
+	}
 	pthread_mutex_unlock(&(this->mutex));
-	
+}
+
+/**
+ * Implementation of ike_sa_manager_t.destroy.
+ */
+static void destroy(private_ike_sa_manager_t *this)
+{
+	this->ike_sa_list->destroy(this->ike_sa_list);
 	this->rng->destroy(this->rng);
 	this->hasher->destroy(this->hasher);
 	
@@ -960,6 +971,7 @@ ike_sa_manager_t *ike_sa_manager_create()
 	private_ike_sa_manager_t *this = malloc_thing(private_ike_sa_manager_t);
 
 	/* assign public functions */
+	this->public.flush = (void(*)(ike_sa_manager_t*))flush;
 	this->public.destroy = (void(*)(ike_sa_manager_t*))destroy;
 	this->public.checkout = (ike_sa_t*(*)(ike_sa_manager_t*, ike_sa_id_t*))checkout;
 	this->public.checkout_new = (ike_sa_t*(*)(ike_sa_manager_t*,bool))checkout_new;
diff --git a/src/charon/sa/ike_sa_manager.h b/src/charon/sa/ike_sa_manager.h
index a91c943ed..8fc243e3f 100644
--- a/src/charon/sa/ike_sa_manager.h
+++ b/src/charon/sa/ike_sa_manager.h
@@ -199,10 +199,17 @@ struct ike_sa_manager_t {
 	int (*get_half_open_count) (ike_sa_manager_t *this, host_t *ip);
 	
 	/**
-	 * Destroys the manager with all associated SAs.
+	 * Delete all existing IKE_SAs and destroy them immediately.
 	 * 
 	 * Threads will be driven out, so all SAs can be deleted cleanly.
 	 */
+	void (*flush)(ike_sa_manager_t *this);
+	
+	/**
+	 * Destroys the manager with all associated SAs.
+	 *
+	 * A call to flush() is required before calling destroy.
+	 */
 	void (*destroy) (ike_sa_manager_t *this);
 };