[Audit-test-developer] [PATCH] flush remote ipsec state, rather than restart ipsec

[Linda K. <lin...@hp...>]

Restarting ipsec on the lblnet_tst_server without run_init
wasn't correct so just flush the xfrm state instead.

Signed-off-by: Linda Knippers <lin...@hp...>
---
 audit/trustedprograms/tests/test_ipsec.bash    |   13 ++++++-------
 audit/utils/network-server/lblnet_tst_server.c |   15 ++++++++++-----
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/audit/trustedprograms/tests/test_ipsec.bash b/audit/trustedprograms/tests/test_ipsec.bash
index cc97e4f..f8fbf94 100755
--- a/audit/trustedprograms/tests/test_ipsec.bash
+++ b/audit/trustedprograms/tests/test_ipsec.bash
@@ -111,7 +111,7 @@ function normalize_addr {
 }
 
 #
-# remote_ipsec_restart - restart ipsec on the lblnet test server
+# remote_ipsec_flush - flush ipsec on the lblnet test server
 #
 # INPUT
 # none
@@ -120,8 +120,8 @@ function normalize_addr {
 # none
 #
 # DESCRIPTION
-# This function restarts ipsec on the remote lblnet_tst server
-# which flushes the SA state.  This is needed to reset the state
+# This function flush ipsec on the remote lblnet_tst server
+# to clear the SA state.  This is needed to reset the state
 # at the beginning of the tests.  It sleeps giving time for ipsec
 # to complete the restart.
 #
@@ -129,10 +129,9 @@ function normalize_addr {
 # tests should do this too.  Should also lock/unlock the lblnet_tst
 # server
 #
-function remote_ipsec_restart {
-    declare str="ipsec:restart;"
+function remote_ipsec_flush {
+    declare str="ipsec:flush;"
     $cmd_nc -w 1  $1 4000 <<< $str
-    sleep 10
 }
 
 
@@ -290,7 +289,7 @@ fi
 ip xfrm state flush || exit_error
 
 # restart (and flush) ipsec on the lblnet test server
-remote_ipsec_restart $ip_dst
+remote_ipsec_flush $ip_dst
 
 # mark the log for augrok later
 log_mark=$(stat -c %s $audit_log)
diff --git a/audit/utils/network-server/lblnet_tst_server.c b/audit/utils/network-server/lblnet_tst_server.c
index c626768..864f97b 100644
--- a/audit/utils/network-server/lblnet_tst_server.c
+++ b/audit/utils/network-server/lblnet_tst_server.c
@@ -216,10 +216,11 @@ void ctl_echo(int sock, char *param)
  * @param: parameter string
  *
  * Description:
- * Call service ipsec with the restart param string
+ * handle special ipsec operations, currently just a flush.
+ *
  * format:
  *
- *  ipsec:restart
+ *  ipsec:flush
  *
  * This is intended to be used by ipsec audit tests to flush
  * the test server between runs.
@@ -247,11 +248,15 @@ void ctl_ipsec(int sock, char *param)
   SMSG(SMSG_NOTICE, fprintf(log_fd, "action = (%10s)\n",
 			    (char *) action_str));
 
+  if (strcasecmp(action_str, "flush") != 0) {
+	SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): invalid action %s\n",
+		action_str));
+	return;
+  }
   pid_t pID = fork();
   if (pID == 0) {
-    rc = execl("/sbin/service",
-               "/sbin/service",
-	       "ipsec", (char *) action_str, (char *) NULL);
+    rc = execl("/sbin/ip", "/sbin/ip",
+	       "xfrm", "state", "flush", (char *) NULL);
     if (rc == -1)
       SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): execl failed (%d)\n", errno));
 
-- 
1.7.4.4