From bd24f87d35f505a94814fd93b86816d69761527e Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 13 Aug 2015 11:08:41 +0200 Subject: [PATCH] starter: Don't flush policies in the kernel We can't control which policies we flush, so if policies are installed and used outside of strongSwan for other protocols we'd flush them too. And if installpolicies=no is used we probably shouldn't flush policies either. Luckily already existing policies are not treated as fatal errors anymore, so not flushing policies should not be that much of an issue (in case of a crash in dynamic setups, e.g. with virtual IPs, policies could be left behind even after restarting the connections and properly terminating the daemon). --- src/starter/netkey.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/starter/netkey.c b/src/starter/netkey.c index 2b500bab46..0b677fb792 100644 --- a/src/starter/netkey.c +++ b/src/starter/netkey.c @@ -65,6 +65,5 @@ void starter_netkey_cleanup(void) return; } hydra->kernel_interface->flush_sas(hydra->kernel_interface); - hydra->kernel_interface->flush_policies(hydra->kernel_interface); lib->plugins->unload(lib->plugins); } -- 2.47.2