=== modified file 'TODO'
--- TODO	2009-06-02 10:33:04 +0000
+++ TODO	2009-06-02 11:09:07 +0000
@@ -1,8 +1,7 @@
 -*- org -*-
 
 * mandos-client
-** TODO [#A] Take down network interface if it was initially down
-** TODO [#A] Clean up /tmp directory on signal
+** TODO [#A] Clean up /tmp directory and take down interface on signal
 
 * plugin-runner
 ** TODO [#B] use scandir(3) instead of readdir(3)

=== modified file 'plugins.d/mandos-client.c'
--- plugins.d/mandos-client.c	2009-06-02 10:33:04 +0000
+++ plugins.d/mandos-client.c	2009-06-02 11:09:07 +0000
@@ -899,7 +899,8 @@
   int exitcode = EXIT_SUCCESS;
   const char *interface = "eth0";
   struct ifreq network;
-  int sd;
+  int sd = -1;
+  bool interface_taken_up = false;
   uid_t uid;
   gid_t gid;
   char *connect_to = NULL;
@@ -1113,6 +1114,7 @@
 #endif	/* __linux__ */
 	goto end;
       }
+      interface_taken_up = true;
     }
     /* sleep checking until interface is running */
     for(int i=0; i < delay * 4; i++){
@@ -1128,9 +1130,11 @@
 	perror("nanosleep");
       }
     }
-    ret = (int)TEMP_FAILURE_RETRY(close(sd));
-    if(ret == -1){
-      perror("close");
+    if(not interface_taken_up){
+      ret = (int)TEMP_FAILURE_RETRY(close(sd));
+      if(ret == -1){
+	perror("close");
+      }
     }
 #ifdef __linux__
     if(restore_loglevel){
@@ -1297,6 +1301,24 @@
     gpgme_release(mc.ctx);
   }
   
+  /* Take down the network interface */
+  if(interface_taken_up){
+    ret = ioctl(sd, SIOCGIFFLAGS, &network);
+    if(ret == -1){
+      perror("ioctl SIOCGIFFLAGS");
+    } else if(network.ifr_flags & IFF_UP) {
+      network.ifr_flags &= ~IFF_UP; /* clear flag */
+      ret = ioctl(sd, SIOCSIFFLAGS, &network);
+      if(ret == -1){
+	perror("ioctl SIOCSIFFLAGS");
+      }
+    }
+    ret = (int)TEMP_FAILURE_RETRY(close(sd));
+    if(ret == -1){
+      perror("close");
+    }
+  }
+  
   /* Removes the temp directory used by GPGME */
   if(tempdir_created){
     DIR *d;