14
unknown
unknown
beakerlib-1.29.2-1.fc38.noarch
unknown
2022-09-30 19:51:29 EDT
2022-09-30 19:54:25 EDT
Fedora release 38 (Rawhide)
s390x-kvm-008.lab.eng.rdu2.redhat.com
unknown
0 x
8023 MB
119.87 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.0.0-rc7/kernel/drivers/net/macsec.kolicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecdepends:intree: Yname: macsecvermagic: 6.0.0-rc7 SMP mod_unloadsig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 11:68:36:CA:0C:2A:2B:10:87:74:1D:9B:90:5A:C7:5A:EC:6C:2C:84sig_hashalgo: sha512signature: 3A:0B:B8:A6:EE:F0:60:70:33:C5:22:06:E2:81:C5:F4:64:A3:FD:08:88:9F:AA:41:61:9E:28:DA:1D:16:AB:9A:30:47:E0:A9:29:AD:C0:CF:B8:7C:50:30:A8:86:9D:4D:DB:65:F4:AF:94:F0:0D:0F:D3:55:CD:29:8C:9C:EA:6A:AC:88:F5:47:A7:AB:69:94:4B:35:2D:64:C5:20:23:A5:A2:C3:C5:F2:E7:ED:C6:6B:1E:C5:AA:A4:0F:FE:47:42:6E:9C:5B:3F:07:60:ED:98:1A:47:DE:72:AA:2C:2B:26:01:5C:9D:9C:89:14:22:76:66:8B:8E:DA:FF:BB:4F:88:8C:DD:9C:7D:C7:99:4B:4F:43:80:7B:FD:2E:8B:C1:93:50:FC:78:3D:1D:2B:53:E3:8A:1D:03:C3:3C:13:05:DC:29:FB:50:0B:2F:E5:AC:79:E4:8D:63:DE:B8:27:14:E1:FD:41:99:5E:9F:3A:6E:66:90:C2:3D:D9:A7:6E:88:44:29:AD:06:47:D9:E2:91:86:B0:2C:6D:F8:BF:A4:57:56:92:39:0F:A8:B7:F9:1F:28:06:DC:11:B7:53:91:11:4B:E9:1C:3F:8C:87:FD:B1:49:23:6D:45:04:78:A3:79:20:4E:BD:A1:1D:CD:A7:A0:5B:42:90:54:24:0F:70:CE:8C:86:2E:2D:DD:93:FF:23:C3:98:01:8A:8F:D1:73:72:CC:34:34:6A:CF:AF:01:38:5B:2A:7E:EE:A4:0E:1E:3F:13:59:E2:BF:62:98:E4:85:8D:41:23:BE:D4:89:58:B1:E8:80:4A:D5:9B:06:DD:84:E5:32:45:F6:2D:E3:5B:CE:DC:1E:BF:01:EB:91:80:FE:E0:0E:BC:93:76:94:26:24:07:8D:52:0A:61:7D:0B:15:FD:08:A4:DE:52:37:2D:9E:2C:44:10:AE:EC:04:EA:47:3C:D3:DE:14:BC:AA:DB:D2:B4:DD:E0:F4:9B:1E:39:9F:63:B1:36:5D:7B:EA:61:E2:D4:5F:73:BF:66:31:23:48:B6:13:C6:42:81:7E:99:5D:58:FF:F4:1C:A3:74:EF:8D:11:D4:2C:E5:6C:E0:72:4E:61:DB:18:DF:AD:CE:73:5D:C4:E7:D4:78:8E:8A:32:DF:07:4E:1D:AD:65:A3:7F:C0:78:B7:23:99:D0:9C:DA:F9:7C:14:31:50:6F:40:7F:17:BD:F5:50:70:24:B2:2F:6E:A8:B7:3D:76:10:67:4F:D0:1B:22:21:03:24:44:C5:53:0F:07:63:BE:19:D7:52:93:BD:7E:CF:55:D9:8B:0D:10:EE:25:F0:70:F3:1E:23:07:56:CD:6A:6F:55:33:42:85:66--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------82: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether f6:57:e2:32:3f:30 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------82: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether f6:57:e2:32:3f:30 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci f657e2323f300001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------82: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: f657e2323f300001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb