testing: Let test scenarios fail if IPsec SAs or policies are not removed
authorTobias Brunner <tobias@strongswan.org>
Fri, 21 Aug 2015 12:33:26 +0000 (14:33 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 21 Aug 2015 16:27:06 +0000 (18:27 +0200)
The IKE daemon should delete all installed SAs and policies when
everything works properly, so we fail the test if that's not the case.

testing/do-tests

index 5191d90..c01152c 100755 (executable)
@@ -726,6 +726,24 @@ do
            }
        }' $TESTDIR/posttest.dat` >> $CONSOLE_LOG 2>&1
 
+       ##########################################################################
+       # check that IPsec state was cleaned up properly
+       #
+
+       for host in $IPSECHOSTS
+       do
+               eval HOSTLOGIN=root@\$ipv4_${host}
+               IPSECSTATE=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm state'`
+               IPSECPOLICY=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm policy'`
+               if [ -n "$IPSECSTATE" -o -n "$IPSECPOLICY" ]
+               then
+                       echo -e "\n$host# ip xfrm state [NO]" >> $CONSOLE_LOG
+                       echo "$IPSECSTATE" >> $CONSOLE_LOG
+                       echo -e "\n$host# ip xfrm policy [NO]" >> $CONSOLE_LOG
+                       echo "$IPSECPOLICY" >> $CONSOLE_LOG
+                       STATUS="failed"
+               fi
+       done
 
        ##########################################################################
        # get a copy of /var/log/auth.log