From: Linda K. <lin...@hp...> - 2011-12-19 22:14:19
Restarting ipsec on the lblnet_tst_server without run_init wasn't correct so just flush the xfrm state instead. Signed-off-by: Linda Knippers <lin...@hp...> --- audit/trustedprograms/tests/test_ipsec.bash | 13 ++++++------- audit/utils/network-server/lblnet_tst_server.c | 15 ++++++++++----- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/audit/trustedprograms/tests/test_ipsec.bash b/audit/trustedprograms/tests/test_ipsec.bash index cc97e4f..f8fbf94 100755 --- a/audit/trustedprograms/tests/test_ipsec.bash +++ b/audit/trustedprograms/tests/test_ipsec.bash @@ -111,7 +111,7 @@ function normalize_addr { } # -# remote_ipsec_restart - restart ipsec on the lblnet test server +# remote_ipsec_flush - flush ipsec on the lblnet test server # # INPUT # none @@ -120,8 +120,8 @@ function normalize_addr { # none # # DESCRIPTION -# This function restarts ipsec on the remote lblnet_tst server -# which flushes the SA state. This is needed to reset the state +# This function flush ipsec on the remote lblnet_tst server +# to clear the SA state. This is needed to reset the state # at the beginning of the tests. It sleeps giving time for ipsec # to complete the restart. # @@ -129,10 +129,9 @@ function normalize_addr { # tests should do this too. Should also lock/unlock the lblnet_tst # server # -function remote_ipsec_restart { - declare str="ipsec:restart;" +function remote_ipsec_flush { + declare str="ipsec:flush;" $cmd_nc -w 1 $1 4000 <<< $str - sleep 10 } @@ -290,7 +289,7 @@ fi ip xfrm state flush || exit_error # restart (and flush) ipsec on the lblnet test server -remote_ipsec_restart $ip_dst +remote_ipsec_flush $ip_dst # mark the log for augrok later log_mark=$(stat -c %s $audit_log) diff --git a/audit/utils/network-server/lblnet_tst_server.c b/audit/utils/network-server/lblnet_tst_server.c index c626768..864f97b 100644 --- a/audit/utils/network-server/lblnet_tst_server.c +++ b/audit/utils/network-server/lblnet_tst_server.c 
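Review bot: `remote_ipsec_flush` (third hunk) sends the request and checks nothing. The exit status of `$cmd_nc -w 1 $1 4000 <<< $str` is ignored at the call site in the last hunk, whereas the local `ip xfrm state flush || exit_error` on the line above it fails hard. If the test server is unreachable or rejects the request, the remote SA state stays stale and the audit tests still run against it. Now that `sleep 10` is gone the function returns nc's status, so `remote_ipsec_flush $ip_dst || exit_error` would catch at least connection failures; quoting `"$1"` and `"$str"` would also be safer. The description comment still says the function "sleeps giving time for ipsec to complete the restart" and the call-site comment still reads `# restart (and flush) ipsec`; both should be reworded to describe the flush.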
@@ -216,10 +216,11 @@ void ctl_echo(int sock, char *param) * @param: parameter string * * Description: - * Call service ipsec with the restart param string + * handle special ipsec operations, currently just a flush. + * * format: * - * ipsec:restart + * ipsec:flush * * This is intended to be used by ipsec audit tests to flush * the test server between runs. @@ -247,11 +248,15 @@ void ctl_ipsec(int sock, char *param) SMSG(SMSG_NOTICE, fprintf(log_fd, "action = (%10s)\n", (char *) action_str)); + if (strcasecmp(action_str, "flush") != 0) { + SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): invalid action %s\n", + action_str)); + return; + } pid_t pID = fork(); if (pID == 0) { - rc = execl("/sbin/service", - "/sbin/service", - "ipsec", (char *) action_str, (char *) NULL); + rc = execl("/sbin/ip", "/sbin/ip", + "xfrm", "state", "flush", (char *) NULL); if (rc == -1) SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): execl failed (%d)\n", errno)); -- 1.7.4.4 |
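Review bot: The rejection branch added before `fork()` writes the client-supplied `action_str` to the log with an unbounded `%s` and returns without sending anything on `sock`, so a caller of the control port cannot tell a rejected action from a completed flush. Bounding the logged field, for example `"error(ipsec): invalid action %.16s\n"`, and reporting the failure back to the client would make misuse easier to spot from both ends. In the child, `execl` returns only on failure, so the `rc == -1` test is redundant. Whether the child then calls `_exit()` is not visible because `ctl_ipsec` continues outside the hunk; this is worth confirming, since a child that falls through would keep running the server's code.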