16
unknown
unknown
beakerlib-1.29.2-1.fc38.noarch
unknown
2022-10-02 20:02:37 EDT
2022-10-02 20:05:36 EDT
Fedora release 38 (Rawhide)
sweetpig-21.4a2m.lab.eng.bos.redhat.com
unknown
2 x Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
6449 MB
234.60 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.0.0/kernel/drivers/net/macsec.kolicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecdepends:retpoline: Yintree: Yname: macsecvermagic: 6.0.0 SMP preempt mod_unloadsig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 0F:27:CD:93:B4:F2:1F:C2:FF:FB:0B:83:6F:0B:E4:54:10:BC:98:96sig_hashalgo: sha512signature: 5B:E8:EB:3D:35:BD:DC:3B:98:99:57:A7:3E:1E:F1:02:EA:9D:06:B3:99:32:4A:95:2E:1F:38:6A:F0:13:F0:66:94:A9:5C:76:75:C8:41:51:AD:4A:E5:5A:FA:80:C4:C3:55:8E:39:16:02:E8:50:42:B5:9E:58:2F:6C:07:F0:78:B7:09:7B:73:47:39:CD:40:68:07:30:6C:82:EE:07:25:0F:95:7B:40:C1:87:31:C1:3B:34:27:5F:D3:81:3E:DF:1F:F9:BA:1A:2E:11:13:64:1F:E6:A7:04:64:C2:34:25:34:A7:EE:B0:02:6C:83:86:30:B1:48:29:2C:C7:B2:2C:96:69:44:C8:71:19:9E:4F:F6:03:C1:E5:8C:40:A4:6A:A0:99:DB:81:B0:62:DC:62:CC:00:B1:F9:DA:1A:33:BB:72:9B:E8:8F:8F:5B:84:A3:3C:3B:56:EC:25:AB:42:25:86:07:F5:1F:26:7D:37:79:4E:86:5C:B8:11:13:4C:0A:E9:22:A7:06:B1:0E:D6:83:EA:E3:DD:A1:60:1C:DE:C5:6B:00:4E:A2:FD:78:DB:20:59:38:23:C0:4C:5D:A7:81:14:C5:D6:7E:35:B5:22:76:F7:7C:37:CC:D7:15:B4:36:77:E3:73:C4:8C:8F:9B:7B:90:7E:65:CA:BC:A8:73:16:F7:7A:BD:DF:D7:51:FD:B3:FD:88:56:4F:3B:45:95:03:EF:35:CF:E2:99:15:BF:34:7E:57:5B:ED:64:6F:5C:63:2A:70:E7:AF:D0:5A:81:99:7B:3D:59:76:DA:64:6E:5D:45:D2:B7:4C:12:0F:D0:13:81:DF:63:E1:44:54:BA:30:42:C4:74:2C:06:ED:DD:83:91:81:C6:F6:35:34:72:C4:CB:A9:2B:06:8D:19:DF:41:66:B0:3C:EE:91:CA:96:E4:A4:CD:6E:23:D4:08:9E:A1:59:4A:56:AD:FB:32:94:B3:F6:62:C7:71:BA:D5:5B:46:3F:57:81:AF:9B:F9:21:52:58:60:F3:F1:D0:71:88:EF:72:F5:FE:7F:25:8C:22:7E:1A:FB:0C:E6:4F:A3:C2:96:AB:97:EA:1A:D0:3B:6C:D3:9F:AB:8B:B9:EC:12:3F:B7:1E:10:17:AC:3A:77:56:E1:26:B0:EB:AF:EA:0A:FD:FC:E5:06:8C:78:C3:D1:3F:6E:E3:EF:0D:30:D2:11:69:D1:F3:83:10:D2:F8:BA:C1:E5:C7:0F:7C:8D:B0:C5:68:1F:DC:5E:61:BB:96:D4:A2:79:F9:B3:AF:67:CA:79:6D:5B:76:52:18:1D:EA:E8:10:F1:92:25:FE:3F:FD:A0:D4:3F:D0:02:D6:CB:AC:FD:78:EF--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------80: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether ba:10:98:81:55:02 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------80: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether ba:10:98:81:55:02 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci ba10988155020001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------80: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: ba10988155020001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb