From: Tobias Brunner Date: Tue, 14 Aug 2012 14:59:22 +0000 (+0200) Subject: Only load kernel plugins in starter when flushing SAD/SPD entries X-Git-Tag: 5.0.1~186 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71b89d672234e84e387f7c65883babe486d74edc;p=thirdparty%2Fstrongswan.git Only load kernel plugins in starter when flushing SAD/SPD entries This avoids keeping the kernel sockets open when they are not actually needed, which could lead to resource problems (in particular with PF_KEY where all open sockets receive all messages). Fixes #217. --- diff --git a/src/starter/netkey.c b/src/starter/netkey.c index c4784c5334..25f68e5051 100644 --- a/src/starter/netkey.c +++ b/src/starter/netkey.c @@ -58,6 +58,13 @@ bool starter_netkey_init(void) void starter_netkey_cleanup(void) { + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "starter.load", PLUGINS))) + { + DBG1(DBG_APP, "unable to load kernel plugins"); + return; + } hydra->kernel_interface->flush_sas(hydra->kernel_interface); hydra->kernel_interface->flush_policies(hydra->kernel_interface); + lib->plugins->unload(lib->plugins); } diff --git a/src/starter/starter.c b/src/starter/starter.c index 7bd321a3d3..e867b7a59c 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -19,7 +19,7 @@ #include #include #include - #include +#include #include #include #include @@ -525,13 +525,6 @@ int main (int argc, char **argv) } } - /* load plugins */ - if (!lib->plugins->load(lib->plugins, NULL, - lib->settings->get_str(lib->settings, "starter.load", PLUGINS))) - { - exit(LSB_RC_FAILURE); - } - /* we handle these signals only in pselect() */ memset(&action, 0, sizeof(action)); sigemptyset(&action.sa_mask); @@ -580,7 +573,6 @@ int main (int argc, char **argv) confread_free(cfg); unlink(STARTER_PID_FILE); DBG1(DBG_APP, "ipsec starter stopped"); - lib->plugins->unload(lib->plugins); close_log(); exit(LSB_RC_SUCCESS); }