17
unknown
unknown
beakerlib-1.29.2-1.fc38.noarch
beakerlib-redhat-1-33.fc37eng.noarch
unknown
2022-09-24 17:51:07 EDT
2022-09-24 17:55:14 EDT
Fedora release 38 (Rawhide)
hpe-apollo-cn99xx-14-vm-08.khw4.lab.eng.bos.redhat.com
unknown
0 x
5903 MB
99.86 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.0.0-0.rc6.a63f2e7cb110.45.test.fc38.aarch64/kernel/drivers/net/macsec.ko.xzalias: rtnl-link-macsecalias: net-pf-16-proto-16-family-macsecdescription: MACsec IEEE 802.1AElicense: GPL v2vermagic: 6.0.0-0.rc6.a63f2e7cb110.45.test.fc38.aarch64 SMP preempt mod_unload aarch64name: macsecintree: Ydepends:rhelversion: 9.99sig_id: PKCS#7signer: Fedora kernel signing keysig_key: 18:F8:DE:9F:41:A3:FF:60:A2:D9:A1:58:CB:59:03:04:BE:04:BC:A1sig_hashalgo: sha256signature: 02:F3:3C:56:09:40:9D:C3:5A:B9:B6:33:B9:8B:A1:A4:3F:7A:DE:68:D2:F7:CD:4D:26:B3:DD:9D:03:F9:EF:7E:9E:B1:B4:D9:85:A8:50:D8:6E:6A:AF:36:9C:14:9D:F9:85:76:3A:70:D7:8E:30:45:CE:12:9C:CB:86:3D:59:01:4E:46:12:81:02:18:36:A3:42:2C:0C:76:E4:5A:E8:1D:40:19:DB:F2:29:B0:55:6A:16:8C:E3:BC:7E:74:75:E2:40:B1:22:63:DE:4F:3C:60:54:C5:7A:2A:D3:94:63:2A:61:D3:86:F9:37:BB:15:AE:03:BA:FC:C3:D9:3E:72:49:A9:48:FC:7E:E8:E4:8F:44:79:CE:7B:72:48:FC:EB:89:91:5F:B3:4B:48:9E:6D:2C:5A:FB:45:5B:6F:5D:82:2A:FE:B1:77:F8:58:1F:88:30:0B:97:36:C1:BF:83:14:BD:A4:16:D3:30:D8:9A:1A:CC:79:C3:72:F5:4B:D6:12:19:46:F2:76:0A:A2:9E:B0:6D:3F:B9:CE:B1:E5:37:9E:00:69:6E:13:C4:C0:C0:96:F8:FF:C7:71:45:9C:69:1A:8E:04:50:9D:6C:28:48:01:3F:BF:0E:01:57:B9:1F:41:4A:D9:82:C1:5A:B8:DA:E9:C0:01:9D:E0:79:56:BA:12:9D:B5:04:9F:51:CD:B2:B7:17:6D:41:68:B9:E2:66:25:3A:FE:E1:2A:B7:0B:AD:4C:7D:43:80:F8:B7:E8:3E:00:95:54:8A:41:60:B8:EB:0A:47:A0:8D:6F:29:FE:02:6F:19:9D:E9:AA:5D:29:9F:23:8F:AD:FC:7D:1D:19:92:AC:04:F3:F1:52:61:86:86:8B:96:2C:20:F9:EF:89:E8:3E:50:D8:BE:22:1A:70:F1:49:5E:AC:AB:D9:09:88:67:07:55:64:52:B5:48:2D:75:22:2C:62:3F:54:D3:EB:03:F3:99:0E:23:EA:E3:44:67:16:A1:76:CE:26:FB:36:DF:86:0B:F4:FF:68:DB:E6:17:0E:5B:14:A3:9C:B5:A9:6F:9E:8E:5C:A3:58:6E:4A:C1:ED:78:EB:02:18:94:2D:A6:EA:0E:62:73:20:D0:0D:18:39:F9:A5:01:30:0A:64:15:2E:D4:70:0E:69:3C:1F:B2:07:05:AC:7D:23:A6:0A:AF:49:E4:6B:C9:91:0E:97:72:81:B1:48:34:F0:E4:A9:6B:A9:EC:27:59:CE:6E:71:77:55:26:2A:97:BD:81:26:55:25:45:A8:D1:93:60:49:09:81:E9:E6:95:60:68:8A:30:81:7A:D8:B6:EF:7A:87:59:04:39:8D:68:50:CB:2C:B6:E3:AC--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------80: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether fe:a6:41:85:05:65 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------80: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether fe:a6:41:85:05:65 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci fea6418505650001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------80: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: fea6418505650001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb