18
unknown
unknown
beakerlib-1.29.3-1.fc38.noarch
unknown
2023-01-03 04:43:03 EST
2023-01-03 04:46:06 EST
Fedora release 38 (Rawhide)
ampere-mtsnow-altramax-03-vm-02.lab.eng.rdu2.redhat.com
unknown
0 x
70204 MB
119.86 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.0.16/kernel/drivers/net/macsec.kolicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecdepends:intree: Yname: macsecvermagic: 6.0.16 SMP preempt mod_unload aarch64sig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 3F:28:3C:2E:7E:14:EA:59:3F:EB:70:CA:D1:06:28:39:1A:40:75:0Asig_hashalgo: sha512signature: A7:23:06:91:24:BF:5D:BE:25:09:E5:A5:99:0E:F2:29:5A:68:E9:61:A9:36:66:1A:FF:ED:04:E6:D6:C8:0B:26:CA:42:A6:71:95:F3:C8:C4:D3:46:59:C3:17:C4:1F:1C:E1:AD:26:38:20:E4:18:DE:50:7C:1C:08:2A:4C:81:29:5B:07:9F:D9:72:A4:A3:17:57:FF:EA:B4:35:5D:22:8B:7B:ED:C9:E5:A3:2F:D0:04:E0:FB:E5:CB:9E:E9:DC:13:17:8F:1A:98:B6:E3:70:B8:33:D1:58:15:87:E4:DD:E9:10:71:62:E1:1C:13:C9:F8:4F:C5:91:50:E1:29:9A:EA:A0:37:E5:40:C5:EF:EC:70:FE:01:8E:94:95:32:C8:CA:D6:11:73:9C:06:D9:0F:F2:93:9E:B1:D2:59:DA:DB:A6:35:75:C3:A5:96:5B:98:B0:69:61:2C:BB:A7:26:E4:B3:29:2B:E4:01:CD:DA:A2:40:AE:08:35:9E:88:BD:02:49:35:3C:55:18:5C:ED:70:F2:C1:CB:AB:35:B7:B2:DD:00:ED:FF:2E:48:17:0B:9E:2D:93:F8:38:74:9D:20:9A:6C:4E:C6:82:52:EB:E7:21:EC:C2:95:97:5E:5D:29:05:E0:2D:50:88:75:E2:3A:54:16:BE:8E:4F:B1:E8:C1:B3:3F:AF:A9:0D:94:A7:A4:B0:51:08:FE:81:8A:76:8D:12:45:C1:04:4F:C5:72:65:E8:11:5F:3D:8B:23:BA:BD:76:E4:4B:68:B9:2E:3C:AA:B6:D9:F4:14:E0:9F:E8:7B:44:6D:1B:7E:19:26:F1:BA:09:37:D0:8F:CB:B1:FB:7B:A9:A4:97:E2:7D:4C:6A:05:25:65:82:FD:9D:7A:CC:65:FE:C0:39:5A:52:C7:B8:A3:F3:BE:CB:4D:16:A8:C0:77:F6:ED:69:87:7F:F3:E9:47:79:70:06:67:EF:15:A7:CE:12:C6:D0:B3:FB:38:69:25:C4:3E:AF:82:51:32:C6:63:8D:C4:11:FF:8D:01:F0:7D:76:FD:01:33:B4:53:82:A9:94:0F:3C:E7:0E:94:0D:3A:E3:B8:AE:EA:7B:B1:33:93:E8:87:70:CF:40:93:81:9F:87:A8:6F:5C:80:03:CE:FF:3F:3C:D7:8C:92:20:CE:85:74:86:9F:E3:9E:5A:59:9A:82:95:40:96:D6:EA:E5:7D:99:0D:54:2E:2B:F5:85:D3:E9:A6:78:B8:1F:75:25:F5:AC:CD:99:04:56:90:F9:DF:85:B4:D6:93:F8:96:C8:69:AE:AB:1D:70:FE:3D:88:71:1F:A0:4D:3D:C4:A8:28:F3:E9:F7:23:88:97:6A:1B:53:DC:42--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------84: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether f2:07:f6:d4:eb:93 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------84: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether f2:07:f6:d4:eb:93 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci f207f6d4eb930001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------84: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: f207f6d4eb930001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb