16
unknown
unknown
beakerlib-1.29.2-1.fc38.noarch
unknown
2022-09-29 14:15:20 EDT
2022-09-29 14:18:30 EDT
Fedora release 38 (Rawhide)
kvm-04-guest28.hv2.lab.eng.bos.redhat.com
unknown
1 x Intel Xeon Processor (Skylake, IBRS)
7944 MB
50.87 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.0.0-rc7/kernel/drivers/net/macsec.kolicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecdepends:retpoline: Yintree: Yname: macsecvermagic: 6.0.0-rc7 SMP preempt mod_unloadsig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 1F:8E:65:30:89:AD:22:D1:9F:D3:0F:DD:6D:45:3A:D3:0C:61:E7:D7sig_hashalgo: sha512signature: CE:77:9A:D5:AC:8F:0B:22:AC:00:F0:0A:22:97:C1:5D:4E:85:AD:CF:1F:29:CD:05:80:F2:19:45:4B:FF:32:8C:84:06:E8:71:AE:AC:9C:6E:E5:19:15:91:AE:5C:B6:F0:97:D8:50:0D:28:1B:C7:BC:43:71:4F:AC:A3:84:2A:31:F1:FC:AC:B3:94:A7:BA:0E:37:1E:CF:0A:4F:49:21:8C:57:2F:CB:08:D9:AA:CA:00:EF:1E:22:78:CC:4B:08:BD:CD:8D:BB:26:FF:CA:39:17:0A:C6:BE:DF:28:B9:10:4D:D8:C4:38:AB:08:11:79:CF:B8:88:9C:C6:C5:2A:94:6B:EC:2E:B6:10:CE:71:90:D8:39:AE:7C:A8:1A:8A:88:D2:C2:A4:C5:89:AE:EC:7D:6B:11:34:B5:14:F5:6A:BA:08:62:68:B3:F8:92:EB:F9:19:6C:E2:F9:72:5A:D1:9F:21:EC:0A:32:93:2B:06:E2:2D:00:D9:F3:7B:9E:AE:D8:B5:A0:86:CC:AB:9F:28:06:81:09:D6:9C:35:E8:05:59:C2:07:B0:33:72:D4:BC:F4:83:8D:AA:82:CB:CD:E9:4C:F7:A1:C9:9F:23:BD:A3:73:79:68:D8:67:DF:47:F3:71:72:3F:22:1B:DB:60:AE:F5:81:E2:EC:CB:3F:8A:BE:03:B0:76:E3:62:CA:7D:21:49:DC:C0:1B:47:F6:D5:EF:82:8B:71:24:2B:D2:5A:1B:80:CA:BC:BC:00:8F:81:D6:5D:DF:0C:AC:31:63:E9:9F:2A:E6:FC:B9:40:7E:5E:6A:AB:C2:0D:CD:1D:4D:5D:8C:47:1D:D3:CB:7D:DE:19:54:D9:B2:60:EA:4B:EE:95:2F:EF:1C:D7:AB:1D:2B:C6:39:CB:79:B8:3D:C3:B6:60:A9:35:EA:C1:16:DE:CF:DB:04:A8:5A:5A:34:2A:36:83:88:C8:28:56:8B:EA:01:10:5F:7C:78:C1:7F:9A:BA:73:68:5A:3A:3D:E8:0C:0D:8B:B8:5B:C4:62:26:DB:D6:DF:7D:45:35:F3:D8:6C:29:7F:68:58:4E:5B:3D:A2:51:EC:E2:84:4A:C5:50:9B:31:6E:01:9A:76:04:77:4E:94:03:EC:69:CC:F6:92:33:D9:59:E2:A3:5D:52:8A:6F:03:62:C4:5F:43:17:5B:D3:E0:44:E3:AE:AB:96:69:15:76:FE:E9:C3:F0:51:F4:AA:F7:46:50:8A:71:E8:E1:5A:50:D4:BD:41:AF:5D:C3:02:D8:CA:3D:9D:AA:CB:18:61:CC:A5:0E:47:A8:BC:E0:94:F9:13:0C:19:18:B6:78:E7:3F:CC:10:DB:DC:BA:E7:51:DD:4F:E0:B5:34--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------85: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 16:10:bf:a8:df:90 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------85: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 16:10:bf:a8:df:90 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci 1610bfa8df900001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------85: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 1610bfa8df900001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb