17
unknown
unknown
beakerlib-1.29.3-1.fc38.noarch
unknown
2023-01-05 05:49:52 CET
2023-01-05 05:52:40 CET
Fedora release 38 (Rawhide)
kvm-02-guest05.rhts.eng.brq.redhat.com
unknown
1 x Intel Core Processor (Broadwell, IBRS)
3914 MB
118.94 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.2.0-rc2/kernel/drivers/net/macsec.koalias: rtnl-link-macsecalias: net-pf-16-proto-16-family-macsecdescription: MACsec IEEE 802.1AElicense: GPL v2vermagic: 6.2.0-rc2 SMP preempt mod_unloadname: macsecintree: Yretpoline: Ydepends:sig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 79:B9:6E:5C:96:DD:74:67:E9:16:54:97:7F:DF:D9:EE:6D:26:12:76sig_hashalgo: sha512signature: 24:21:9F:31:F1:85:E4:8B:0F:22:AF:FC:35:4C:33:C3:35:A4:7B:79:00:2C:BA:67:FA:E1:82:A1:85:00:96:02:AB:CD:8B:5C:8A:FE:5A:4A:16:CD:F0:45:59:38:3E:62:6E:34:44:1B:01:45:4B:FD:BD:6D:0C:B8:46:F8:DD:CD:85:64:0F:C4:AD:4D:F0:85:2F:15:33:BA:C8:B2:55:95:A7:76:85:17:F6:93:76:D2:D1:2A:82:1D:88:F4:F7:F1:EF:24:3B:EC:73:A1:C7:43:34:D9:94:F5:F0:DB:DC:32:54:25:83:F4:DF:CA:61:0B:B7:7E:D0:37:97:D5:17:31:8F:43:CC:E9:40:87:4C:FC:99:23:2B:CA:C2:41:BF:98:84:A6:A7:D9:20:79:AA:3A:B5:21:BE:FF:AF:F5:AC:C6:D5:C9:63:22:C5:7C:1B:F6:A2:37:CF:EE:D7:49:66:5C:10:63:A7:46:85:E6:67:8E:BE:42:09:01:3B:F1:98:BD:36:AE:E1:5A:B1:02:C1:F0:C5:A8:BD:25:09:CF:2D:55:92:91:E8:92:0B:D5:2E:16:D2:E9:AA:C4:62:25:8B:F2:48:E8:D7:D7:CE:51:A8:FC:EE:F2:EF:FB:CC:4C:3A:4D:DC:48:7C:7B:AF:2E:A5:14:BE:C7:DF:BB:EC:1A:E2:84:13:D3:B7:48:DB:A8:50:A2:66:28:EF:37:5F:54:17:10:F9:5C:FF:45:C4:AB:80:D9:1A:C0:15:37:AE:36:30:3E:6A:24:36:19:F9:97:1B:60:27:06:AC:9E:F4:DC:8B:F3:93:36:80:49:4F:87:E8:98:D1:FD:97:81:76:CA:0F:1C:E0:D9:4B:C4:30:F5:55:4D:11:F9:94:29:D1:B1:E0:B5:2D:DF:29:44:D2:8D:3E:DD:5A:31:5E:39:2C:63:2B:34:39:48:B9:8C:89:7B:74:EF:27:09:F8:41:0E:EC:4B:CA:D3:E8:2C:E5:3A:C9:FF:10:6C:A3:04:1D:2F:EF:7F:19:B2:9C:3B:F2:58:B4:B5:62:D0:5D:E3:E1:88:30:2E:E6:67:10:54:B0:FE:B4:7D:AA:BD:3B:0A:47:D4:1C:B1:77:FD:18:E6:32:48:8D:83:B4:E1:D2:08:4A:D9:C7:BD:E2:0C:75:1F:48:9E:C1:35:AE:E1:BB:B4:F6:5A:26:3A:71:40:C3:EB:02:72:2B:C5:83:EB:22:5F:2B:DA:C3:3C:EC:16:A6:E9:DB:EB:13:56:A0:68:B7:33:B7:12:CA:90:0A:25:DE:E1:C8:C7:75:A6:5D:56:E0:AC:DE:0B:E8:8E:73:A6:48:88:9D:D9:3B:42:F0:DF:38:34:B8:E9:BA:CE:36--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------82: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether e6:95:17:20:06:4d brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------82: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether e6:95:17:20:06:4d brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci e6951720064d0001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------82: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: e6951720064d0001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb