From: Tobias Brunner Date: Thu, 13 Aug 2015 09:08:41 +0000 (+0200) Subject: starter: Don't flush policies in the kernel X-Git-Tag: 5.3.3rc1~2^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bd24f87d35f505a94814fd93b86816d69761527e;p=thirdparty%2Fstrongswan.git starter: Don't flush policies in the kernel We can't control which policies we flush, so if policies are installed and used outside of strongSwan for other protocols we'd flush them too. And if installpolicies=no is used we probably shouldn't flush policies either. Luckily already existing policies are not treated as fatal errors anymore, so not flushing policies should not be that much of an issue (in case of a crash in dynamic setups, e.g. with virtual IPs, policies could be left behind even after restarting the connections and properly terminating the daemon). --- diff --git a/src/starter/netkey.c b/src/starter/netkey.c index 2b500bab46..0b677fb792 100644 --- a/src/starter/netkey.c +++ b/src/starter/netkey.c @@ -65,6 +65,5 @@ void starter_netkey_cleanup(void) return; } hydra->kernel_interface->flush_sas(hydra->kernel_interface); - hydra->kernel_interface->flush_policies(hydra->kernel_interface); lib->plugins->unload(lib->plugins); }