16
unknown
unknown
beakerlib-1.29.2-1.fc38.noarch
unknown
2022-10-01 00:04:28 CEST
2022-10-01 00:07:33 CEST
Fedora release 38 (Rawhide)
kvm-02-guest10.rhts.eng.brq.redhat.com
unknown
1 x Intel Core Processor (Broadwell, IBRS)
3918 MB
59.87 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.0.0-rc7/kernel/drivers/net/macsec.koalias: rtnl-link-macsecalias: net-pf-16-proto-16-family-macsecdescription: MACsec IEEE 802.1AElicense: GPL v2vermagic: 6.0.0-rc7 SMP preempt mod_unloadname: macsecintree: Yretpoline: Ydepends:sig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 2C:08:C6:58:10:7B:7A:D4:F6:97:29:3C:5C:FB:80:89:ED:42:88:18sig_hashalgo: sha512signature: 6A:D8:6E:F4:53:F8:27:6E:F3:C8:E5:13:BE:7C:36:E0:A4:1B:AA:03:A1:17:A9:64:C6:D8:6E:D9:4E:03:4A:44:10:42:5C:38:C7:97:E1:33:D5:2D:F6:11:AA:A1:5A:32:D6:2B:EE:65:49:E6:17:97:80:59:19:3B:B6:A5:F1:B0:E0:9E:71:B9:51:28:FA:5D:6D:DC:59:E0:1B:7A:52:01:AD:E8:3F:67:90:5F:24:E3:4A:5F:75:2F:E5:15:7D:62:F4:CC:9C:4F:9C:A3:2C:AB:57:78:97:1B:C4:23:5E:8D:E4:BB:4B:46:F0:C0:A2:F6:81:0D:6B:93:24:E1:59:FD:A1:83:AD:8C:E7:8A:31:C5:DB:CF:8F:EC:4E:59:E9:D8:D9:8E:65:25:21:B8:D7:C2:29:E7:01:22:C4:56:95:EE:19:D1:0D:A2:2C:91:B5:53:B3:4A:81:74:14:30:7D:05:3C:5D:44:E5:CF:EA:DC:8C:E8:8B:0B:60:94:FF:89:9B:86:B0:1B:52:65:EC:16:9E:AD:3D:9B:AA:48:63:A7:87:EC:7B:E5:5D:DC:11:7B:94:12:CA:04:9E:E4:C0:6D:5A:09:14:C9:6D:E4:3B:76:CC:39:8D:8A:D5:85:23:6E:6E:4F:ED:5F:64:2C:00:6D:08:EC:FF:C5:86:4E:0F:DB:54:DF:1A:E8:37:59:82:47:F4:1E:F7:BA:A8:57:14:E0:6B:0D:E5:F8:7E:9E:83:5E:89:DA:C6:EF:D2:23:E6:DA:AF:56:E2:8A:27:1B:09:04:2D:48:64:2C:06:BF:A2:0F:CC:A8:5B:22:FA:0D:5F:A7:3A:2C:04:78:7A:FC:36:D4:0D:DF:FE:82:EF:9B:9C:A5:D3:09:A7:42:C0:E5:12:1B:17:B7:4C:AE:72:41:B4:6E:7C:C0:14:94:DA:EA:D7:EF:A1:21:B3:EA:D9:43:D1:8F:72:43:E6:20:2F:3E:C1:A9:DE:3D:A0:D5:5F:D9:35:8F:98:7D:9E:35:2C:93:9B:54:E0:E4:D7:5C:9E:32:AF:46:30:52:5A:50:52:F3:F4:C0:68:BD:2F:C7:35:8B:63:A2:1E:5A:EA:65:83:4A:C0:A4:EA:29:17:32:60:2A:46:57:97:06:0F:FD:CB:94:E4:C3:EC:39:03:97:90:E5:26:3E:8F:B8:13:44:59:0C:A3:AE:EA:1E:BC:6E:03:D9:08:E9:F1:BB:ED:79:6D:F5:BC:07:01:30:2D:57:C3:77:22:B3:B2:E8:4B:BB:3C:2C:E5:FE:D1:4B:3D:68:62:49:6C:CA:DE:C8:AB:4B:61:B4:47:67:41:55:05:43:AD:C0:31:EE:8A:42:E4:96:04:6B:EF:26:C7--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------89: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether ee:62:09:e0:71:8d brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------89: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether ee:62:09:e0:71:8d brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci ee6209e0718d0001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------89: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: ee6209e0718d0001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb