Only load kernel plugins in starter when flushing SAD/SPD entries
authorTobias Brunner <tobias@strongswan.org>
Tue, 14 Aug 2012 14:59:22 +0000 (16:59 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 16 Aug 2012 14:14:15 +0000 (16:14 +0200)
This avoids keeping the kernel sockets open when they are not actually
needed, which could lead to resource problems (in particular with PF_KEY
where all open sockets receive all messages).

Fixes #217.

src/starter/netkey.c
src/starter/starter.c

index c4784c5..25f68e5 100644 (file)
@@ -58,6 +58,13 @@ bool starter_netkey_init(void)
 
 void starter_netkey_cleanup(void)
 {
+       if (!lib->plugins->load(lib->plugins, NULL,
+                       lib->settings->get_str(lib->settings, "starter.load", PLUGINS)))
+       {
+               DBG1(DBG_APP, "unable to load kernel plugins");
+               return;
+       }
        hydra->kernel_interface->flush_sas(hydra->kernel_interface);
        hydra->kernel_interface->flush_policies(hydra->kernel_interface);
+       lib->plugins->unload(lib->plugins);
 }
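Review bot: In starter_netkey_cleanup the new failure path logs and returns without flushing, so a plugin-load failure at shutdown leaves the SAD/SPD entries, and the keying material they hold, installed in the kernel, and the void return gives the caller no way to notice. Before this commit the same load failure stopped starter at startup with `exit(LSB_RC_FAILURE)` (removed in the main() hunk of starter.c), so a bad `starter.load` value now surfaces only at cleanup time. I would make the log line say what was skipped, e.g. `DBG1(DBG_APP, "unable to load kernel plugins, SAD/SPD entries not flushed");`, so operators can spot stale state. I would also call `lib->plugins->unload(lib->plugins);` before the `return;`, on the assumption, not verifiable from this hunk, that a failed load() can leave some plugins loaded.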
index 7bd321a..e867b7a 100644 (file)
@@ -19,7 +19,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <signal.h>
- #include <syslog.h>
+#include <syslog.h>
 #include <unistd.h>
 #include <sys/time.h>
 #include <time.h>
@@ -525,13 +525,6 @@ int main (int argc, char **argv)
                }
        }
 
-       /* load plugins */
-       if (!lib->plugins->load(lib->plugins, NULL,
-                       lib->settings->get_str(lib->settings, "starter.load", PLUGINS)))
-       {
-               exit(LSB_RC_FAILURE);
-       }
-
        /* we handle these signals only in pselect() */
        memset(&action, 0, sizeof(action));
        sigemptyset(&action.sa_mask);
@@ -580,7 +573,6 @@ int main (int argc, char **argv)
                        confread_free(cfg);
                        unlink(STARTER_PID_FILE);
                        DBG1(DBG_APP, "ipsec starter stopped");
-                       lib->plugins->unload(lib->plugins);
                        close_log();
                        exit(LSB_RC_SUCCESS);
                }