From adab84533ea2d1b8ab6573203c2a936b24811d84 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 21 Oct 2011 14:14:36 +0200
Subject: [PATCH] starter: Use kernel interfaces to flush SAD and SPD.
This now supports platforms where neither 'ip xfrm' nor 'setkey' are available (like Android).
---
 configure.in | 8 ++++----
 src/starter/Makefile.am | 2 +-
 src/starter/netkey.c | 17 +++--------------
 src/starter/starter.c | 4 ++++
 4 files changed, 12 insertions(+), 19 deletions(-)
diff --git a/configure.in b/configure.in
index abde287..75e7244 100644
--- a/configure.in
+++ b/configure.in
@@ -807,10 +807,10 @@ ADD_PLUGIN([xauth], [p pluto])
 ADD_PLUGIN([attr], [h libcharon pluto])
 ADD_PLUGIN([attr-sql], [h libcharon pluto])
 ADD_PLUGIN([load-tester], [c libcharon])
-ADD_PLUGIN([kernel-pfkey], [h libcharon pluto])
-ADD_PLUGIN([kernel-pfroute], [h libcharon pluto])
-ADD_PLUGIN([kernel-klips], [h libcharon pluto])
-ADD_PLUGIN([kernel-netlink], [h libcharon pluto])
+ADD_PLUGIN([kernel-pfkey], [h libcharon pluto starter])
+ADD_PLUGIN([kernel-pfroute], [h libcharon pluto starter])
+ADD_PLUGIN([kernel-klips], [h libcharon pluto starter])
+ADD_PLUGIN([kernel-netlink], [h libcharon pluto starter])
 ADD_PLUGIN([resolve], [h libcharon pluto])
 ADD_PLUGIN([socket-default], [c libcharon])
 ADD_PLUGIN([socket-raw], [c libcharon])
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index c512898..ba97c06 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -27,7 +27,7 @@ AM_CFLAGS = \
 AM_YFLAGS = -v -d
-starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
+starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libhydra/libhydra.la $(SOCKLIB)
 EXTRA_DIST = keywords.txt ipsec.conf
 MAINTAINERCLEANFILES = keywords.c
 BUILT_SOURCES = parser.h
diff --git a/src/starter/netkey.c b/src/starter/netkey.c
index e0449f0..6646195 100644
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@@ -17,6 +17,7 @@
 #include
 #include
+#include
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
@@ -66,18 +67,6 @@ starter_netkey_init(void)
 void
 starter_netkey_cleanup(void)
 {
- if (system("ip xfrm state > /dev/null 2>&1") == 0)
- {
- ignore_result(system("ip xfrm state flush"));
- ignore_result(system("ip xfrm policy flush"));
- }
- else if (system("type setkey > /dev/null 2>&1") == 0)
- {
- ignore_result(system("setkey -F"));
- ignore_result(system("setkey -FP"));
- }
- else
- {
- plog("WARNING: cannot flush IPsec state/policy database");
- }
+ hydra->kernel_interface->flush_sas(hydra->kernel_interface);
+ hydra->kernel_interface->flush_policies(hydra->kernel_interface);
 }
diff --git a/src/starter/starter.c b/src/starter/starter.c
index db3ca43..44e2143 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -29,6 +29,7 @@
 #include
 #include
+#include
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
@@ -281,6 +282,9 @@ int main (int argc, char **argv)
 library_init(NULL);
 atexit(library_deinit);
+ libhydra_init("starter");
+ atexit(libhydra_deinit);
+
 /* parse command line */
 for (i = 1; i < argc; i++)
 {
--
2.7.4
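Review bot: In starter_netkey_cleanup() the results of `flush_sas()` and `flush_policies()` are both discarded, so the `WARNING: cannot flush IPsec state/policy database` message the old code logged is gone and a failed or unsupported flush is now silent. SAs or policies left behind in the kernel after shutdown are something an operator should be told about. Checking each call, e.g. `if (hydra->kernel_interface->flush_sas(hydra->kernel_interface) != SUCCESS) plog("WARNING: cannot flush IPsec state database");` and the equivalent for policies, would keep that diagnostic. Dropping the `system()` shell-outs is a sound change in itself, since starter no longer resolves `ip` or `setkey` through the shell.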
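Review bot: Nothing after `libhydra_init("starter");` confirms that initialisation worked or that a kernel plugin is registered, while starter_netkey_cleanup() in netkey.c now dereferences `hydra->kernel_interface` unconditionally. If libhydra_init reports failure through a return value (its declaration is not visible here), that value should be checked before the `atexit()` registration and starter should exit with an error. The hunk also shows no plugin load step, so unless one exists elsewhere in main(), whose body continues outside the hunk, the flush calls would have no backend to act on. A short comment at this spot, such as `/* kernel plugins must be loaded before starter_netkey_cleanup() is called */`, would document the dependency.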