starter: Use kernel interfaces to flush SAD and SPD.

This now supports platforms where neither 'ip xfrm' nor 'setkey' are
available (like Android).

diff --git a/configure.in b/configure.in
index abde2876d99ce4db6345a482418c09e486843f76..75e7244ca153cd688a07bb37d6cca41cc29ef8da 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -807,10 +807,10 @@ ADD_PLUGIN([xauth],                [p pluto])
 ADD_PLUGIN([attr],                 [h libcharon pluto])
 ADD_PLUGIN([attr-sql],             [h libcharon pluto])
 ADD_PLUGIN([load-tester],          [c libcharon])
-ADD_PLUGIN([kernel-pfkey],         [h libcharon pluto])
-ADD_PLUGIN([kernel-pfroute],       [h libcharon pluto])
-ADD_PLUGIN([kernel-klips],         [h libcharon pluto])
-ADD_PLUGIN([kernel-netlink],       [h libcharon pluto])
+ADD_PLUGIN([kernel-pfkey],         [h libcharon pluto starter])
+ADD_PLUGIN([kernel-pfroute],       [h libcharon pluto starter])
+ADD_PLUGIN([kernel-klips],         [h libcharon pluto starter])
+ADD_PLUGIN([kernel-netlink],       [h libcharon pluto starter])
 ADD_PLUGIN([resolve],              [h libcharon pluto])
 ADD_PLUGIN([socket-default],       [c libcharon])
 ADD_PLUGIN([socket-raw],           [c libcharon])

diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index c5128983233b861d4bd07d81b356f3a32375d681..ba97c060f98fabe1b23b3742833f863011165330 100644 (file)
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -27,7 +27,7 @@ AM_CFLAGS = \
 
 AM_YFLAGS = -v -d
 
-starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
+starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libhydra/libhydra.la $(SOCKLIB)
 EXTRA_DIST = keywords.txt ipsec.conf
 MAINTAINERCLEANFILES = keywords.c
 BUILT_SOURCES = parser.h

diff --git a/src/starter/netkey.c b/src/starter/netkey.c
index e0449f0b2599f0c1a40c10f6428b8b6353507c87..6646195cb4de6ff9dca894712f4bd2b45a1e52f8 100644 (file)
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@@ -17,6 +17,7 @@
 #include <stdlib.h>
 
 #include <freeswan.h>
+#include <hydra.h>
 
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
@@ -66,18 +67,6 @@ starter_netkey_init(void)
 void
 starter_netkey_cleanup(void)
 {
-       if (system("ip xfrm state > /dev/null 2>&1") == 0)
-       {
-               ignore_result(system("ip xfrm state flush"));
-               ignore_result(system("ip xfrm policy flush"));
-       }
-       else if (system("type setkey > /dev/null 2>&1") == 0)
-       {
-               ignore_result(system("setkey -F"));
-               ignore_result(system("setkey -FP"));
-       }
-       else
-       {
-               plog("WARNING: cannot flush IPsec state/policy database");
-       }
+       hydra->kernel_interface->flush_sas(hydra->kernel_interface);
+       hydra->kernel_interface->flush_policies(hydra->kernel_interface);
 }

diff --git a/src/starter/starter.c b/src/starter/starter.c
index db3ca43c87d4d41931b4fe177930c085cbc1216f..44e21431c6482d6a3b39e568a9b456d1547526cb 100644 (file)
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -29,6 +29,7 @@
 
 #include <freeswan.h>
 #include <library.h>
+#include <hydra.h>
 
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
@@ -281,6 +282,9 @@ int main (int argc, char **argv)
        library_init(NULL);
        atexit(library_deinit);
 
+       libhydra_init("starter");
+       atexit(libhydra_deinit);
+
        /* parse command line */
        for (i = 1; i < argc; i++)
        {