17
unknown
unknown
beakerlib-1.29.3-1.fc38.noarch
unknown
2023-01-07 16:24:18 CET
2023-01-07 16:27:39 CET
Fedora release 38 (Rawhide)
kvm-02-guest20.rhts.eng.brq.redhat.com
unknown
1 x Intel Core Processor (Broadwell, IBRS)
3918 MB
59.87 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.0.18/kernel/drivers/net/macsec.kolicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecdepends:retpoline: Yintree: Yname: macsecvermagic: 6.0.18 SMP preempt mod_unloadsig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 30:3A:D2:51:F6:94:F9:49:BB:D9:63:9D:A3:CC:2F:1B:CD:DF:08:AAsig_hashalgo: sha512signature: 94:21:A1:21:C0:58:03:AF:99:7C:63:00:E3:5B:66:6A:1C:97:41:5B:E0:70:78:73:6D:40:CE:5E:F8:29:D0:31:CB:59:09:5C:FD:90:84:8F:E7:76:CB:A4:54:69:6B:EC:04:EE:8D:9E:4D:60:55:42:B3:11:BE:9B:AD:C1:DB:53:83:7A:68:0A:FE:E4:65:13:B6:70:FF:A1:6B:22:81:74:A3:13:46:89:61:B7:15:81:DC:89:5D:E4:2C:BB:B2:C8:08:4F:EB:6A:B5:A9:B2:AC:35:17:67:4F:FC:06:9D:B8:6F:75:00:3F:D8:DA:8A:E8:C2:EA:A5:1C:41:21:8C:3A:DE:52:D3:B8:7E:F2:A1:96:BC:B2:C2:5B:1A:68:7D:3E:04:61:61:1A:AD:EE:11:33:2F:71:D5:72:F1:27:7E:83:21:BA:37:60:65:99:59:CC:2F:DD:7A:4D:86:25:58:9E:8F:61:16:59:44:A9:0F:D1:F1:AD:90:F4:4B:3C:4A:3A:DC:DF:36:C7:9F:C1:9B:8E:7B:EB:BB:0A:B2:39:EE:7A:B1:FB:11:36:13:4A:45:F9:BF:AD:65:07:37:EC:4A:B8:DA:54:C4:72:8F:83:2D:DC:E0:C8:1A:1B:6B:F0:B8:D8:C4:8D:68:FF:A3:D1:92:E9:68:8B:62:C7:44:86:99:73:8D:72:6B:6E:30:DF:B0:9C:2F:89:B6:F1:57:D2:D6:65:84:AE:FB:8D:A5:BA:F1:60:6E:F1:07:30:81:9E:25:9A:4B:19:F6:72:AB:66:3D:85:D9:95:BA:DE:B7:DB:5F:73:12:D2:8E:5E:B6:53:F6:67:88:AA:B0:D2:1A:BB:EE:81:38:EB:D7:99:A5:C8:9A:6D:FA:C0:80:63:72:C8:75:0E:27:2F:6C:ED:C0:0B:67:2D:5E:3D:DE:B5:CF:FB:69:B7:E4:AA:E1:07:5F:F2:3E:EB:5A:AE:82:E8:D2:12:FF:18:62:DA:67:51:F1:7D:86:AF:4E:C1:73:66:92:4B:1F:DE:85:43:51:A5:C4:4D:15:FB:53:F1:55:8F:42:BE:47:C0:8E:19:57:CC:B3:7B:CF:C4:39:31:D0:78:63:60:3D:B3:4F:9C:7F:AB:74:35:11:EC:DF:F0:70:A7:84:1A:26:4D:E8:E2:ED:8B:30:5D:0C:5E:19:2C:10:C4:42:65:03:8A:29:55:05:B1:14:77:12:C8:FD:21:00:6B:D9:11:14:D7:8C:37:6E:6C:76:5A:82:68:65:00:CA:72:8E:65:D6:64:3F:3F:C5:70:06:06:7A:41:0D:84:98:FD:9F:39:70:D2:B8:FC:D7:BE:F0:C0:C9:5D:9C:CF:4C:46:0B:74:E0:E1--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------79: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 4a:f0:cf:b5:8b:9b brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------79: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 4a:f0:cf:b5:8b:9b brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci 4af0cfb58b9b0001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------79: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 4af0cfb58b9b0001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb