From 9086f060d35a71cd7d6a53006b57fe6c77a70156 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 21 Aug 2015 14:33:26 +0200
Subject: [PATCH] testing: Let test scenarios fail if IPsec SAs or policies are
 not removed

The IKE daemon should delete all installed SAs and policies when
everything works properly, so we fail the test if that's not the case.
---
 testing/do-tests | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/testing/do-tests b/testing/do-tests
index 5191d9007a..c01152c7bb 100755
--- a/testing/do-tests
+++ b/testing/do-tests
@@ -726,6 +726,24 @@ do
 	    }
 	}' $TESTDIR/posttest.dat` >> $CONSOLE_LOG 2>&1
 
+	##########################################################################
+	# check that IPsec state was cleaned up properly
+	#
+
+	for host in $IPSECHOSTS
+	do
+		eval HOSTLOGIN=root@\$ipv4_${host}
+		IPSECSTATE=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm state'`
+		IPSECPOLICY=`ssh $SSHCONF $HOSTLOGIN 'ip xfrm policy'`
+		if [ -n "$IPSECSTATE" -o -n "$IPSECPOLICY" ]
+		then
+			echo -e "\n$host# ip xfrm state [NO]" >> $CONSOLE_LOG
+			echo "$IPSECSTATE" >> $CONSOLE_LOG
+			echo -e "\n$host# ip xfrm policy [NO]" >> $CONSOLE_LOG
+			echo "$IPSECPOLICY" >> $CONSOLE_LOG
+			STATUS="failed"
+		fi
+	done
 
 	##########################################################################
 	# get a copy of /var/log/auth.log
-- 
2.47.3