17
unknown
unknown
beakerlib-1.29.2-1.fc38.noarch
unknown
2022-09-30 21:29:13 EDT
2022-09-30 21:33:04 EDT
Fedora release 38 (Rawhide)
ampere-mtsnow-altramax-06.khw4.lab.eng.bos.redhat.com
unknown
0 x
63710 MB
894.12 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.0.0-rc7/kernel/drivers/net/macsec.kolicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecdepends:intree: Yname: macsecvermagic: 6.0.0-rc7 SMP preempt mod_unload aarch64sig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 7C:4B:69:D8:2E:8A:A8:5C:F4:4D:34:EA:42:D4:E3:F9:C0:53:92:85sig_hashalgo: sha512signature: 70:B9:6F:CB:39:11:9F:DD:F8:5C:79:0C:F9:C3:74:DA:68:81:9E:1C:D6:AB:FB:C8:A0:6C:E5:4C:3B:79:1C:9A:89:A7:D2:52:D6:67:FC:54:34:EA:8E:06:44:E7:4B:62:13:24:AB:3E:81:02:CA:A3:BE:1D:D2:8E:F4:FA:B5:EE:39:D6:78:DD:0D:76:57:C4:47:57:DB:3A:67:16:4F:AD:AD:E3:DF:98:2D:BA:D9:37:A5:10:8D:7D:F1:23:4C:B6:57:5E:EA:93:D1:03:87:FE:11:3F:1D:AB:E8:BC:E4:CF:C0:09:CA:F3:F5:41:83:AD:2E:19:DF:71:2F:8D:D9:DE:A9:AB:2D:F1:E9:90:D3:AD:19:80:09:3D:5A:E9:8C:91:32:15:19:5B:56:1E:A5:4B:C7:5A:98:96:7A:7E:74:8B:C0:49:58:3B:1B:81:09:22:D7:25:4E:E0:48:08:6D:F8:04:CB:4A:AC:F1:B7:88:82:B5:B2:E2:50:94:B4:62:1E:7C:19:83:BE:39:E8:7C:08:E8:A5:6C:74:55:0F:33:9E:61:1B:89:96:2A:F4:4F:CC:2A:6E:38:59:B8:F0:5A:FD:43:50:0E:76:E6:C7:BE:FB:88:CB:BE:7E:0C:92:D1:D3:3E:EE:8C:B2:AB:4B:D5:0C:28:1B:8B:D7:DC:73:36:9B:1E:9D:4A:9F:3B:C9:17:BE:3E:21:D5:19:D1:8E:5B:48:92:58:D2:B6:6C:C9:29:8F:68:02:9D:61:73:C8:51:97:69:67:B7:C4:4D:65:42:59:7A:3E:B8:1F:B8:00:79:B2:D4:5F:0A:CD:10:AC:D1:F8:3B:62:D2:DA:46:AC:35:03:EF:07:C3:94:44:0A:D8:71:20:BD:78:5C:31:CA:67:54:9C:B6:C1:80:2F:C9:56:38:0A:04:A1:22:12:33:E0:D0:4A:17:30:91:D1:1A:2E:41:9F:A4:78:AC:E4:65:7B:55:6E:C3:01:81:41:09:BE:0A:C8:F3:59:FD:7C:38:EE:22:3B:99:25:66:AA:0C:5E:A6:23:0D:78:85:81:2C:3B:E0:46:5C:21:3E:58:88:47:5C:87:EE:49:E8:28:7F:FA:26:20:17:34:89:1D:A1:A1:EC:AB:60:7C:2D:9D:DB:6E:28:2B:D3:8F:21:32:EC:A4:34:EF:66:90:F6:83:D5:17:89:19:2A:64:37:7B:35:3F:CE:8E:89:6A:65:09:1E:46:01:C8:BD:E8:93:47:DD:8D:BD:B6:3F:D3:BB:FD:B6:C1:68:A5:5C:B6:15:53:F4:B5:DD:F4:2C:0B:4E:33:79:25:13:BF:5C:0D:06:94:78:1B:9B:A6:70:CA:19:33:B3:8B:59--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------85: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether ca:e3:b4:d1:83:64 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------85: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether ca:e3:b4:d1:83:64 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci cae3b4d183640001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------85: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: cae3b4d183640001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb