starter: Don't flush policies in the kernel

We can't control which policies we flush, so if policies are installed
and used outside of strongSwan for other protocols we'd flush them too.
And if installpolicies=no is used we probably shouldn't flush policies
either.  Luckily already existing policies are not treated as fatal
errors anymore, so not flushing policies should not be that much of an
issue (in case of a crash in dynamic setups, e.g. with virtual IPs,
policies could be left behind even after restarting the connections and
properly terminating the daemon).

diff --git a/src/starter/netkey.c b/src/starter/netkey.c
index 2b500bab46e9685bb3c8b5c86ab438a424881df9..0b677fb79287758c0c3f523390f1f7814ec7ba47 100644 (file)
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@@ -65,6 +65,5 @@ void starter_netkey_cleanup(void)
                return;
        }
        hydra->kernel_interface->flush_sas(hydra->kernel_interface);
-       hydra->kernel_interface->flush_policies(hydra->kernel_interface);
        lib->plugins->unload(lib->plugins);
 }