8
unknown
unknown
beakerlib-1.29.3-1.fc38.noarch
unknown
2023-01-10 21:10:48 EST
2023-01-10 21:13:42 EST
Fedora release 38 (Rawhide)
kvm-01-guest13.lab.eng.rdu2.redhat.com
unknown
1 x Intel Xeon Processor (Skylake, IBRS)
3914 MB
98.94 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.2.0-rc2/kernel/drivers/net/macsec.kolicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecdepends:retpoline: Yintree: Yname: macsecvermagic: 6.2.0-rc2 SMP preempt mod_unloadsig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 05:36:BD:D9:8B:AF:98:06:53:59:11:B4:48:10:81:D2:85:A8:D6:52sig_hashalgo: sha512signature: 87:56:CB:4B:1D:60:F4:00:CC:26:45:66:9A:92:5B:A2:FC:03:95:FE:B1:60:27:81:77:5D:FA:B2:23:CD:C1:3E:D7:A5:1B:67:E2:22:DE:D0:44:0B:16:48:B2:D1:97:11:2B:23:4F:E5:BD:A5:B8:DE:29:C2:F8:64:62:9A:69:3E:DF:BA:23:6C:37:7C:7B:52:D2:20:88:0A:61:20:1F:99:BA:79:31:9B:CA:14:F4:5D:4F:DC:EE:7C:FF:21:2D:51:60:A1:80:FD:73:DF:64:D6:09:40:14:71:30:AA:1A:3B:98:B8:DC:10:0E:04:06:88:D8:45:9B:24:E3:03:22:73:09:04:20:3E:A9:7F:D7:EF:2A:B7:C2:1F:46:A4:3E:6E:F1:B5:22:67:33:C8:5C:3E:B6:B6:57:FE:51:9D:C7:4C:9B:73:64:67:3B:66:58:26:0B:1A:F0:54:68:38:3E:86:11:5D:1A:48:E9:27:22:D5:A7:54:DD:5D:35:B2:8C:F9:0B:57:83:B0:61:D5:04:25:D8:FA:D5:F3:15:E0:E9:1F:C1:C0:36:8C:40:9A:D7:79:30:00:E5:12:FC:5F:67:51:0B:5C:01:6C:03:FF:F9:B6:5D:60:95:CE:76:75:B6:16:B9:D6:82:B9:87:9E:FC:A8:B3:F3:61:4F:8D:DA:B0:43:6D:CE:50:99:1E:5A:4C:C3:4B:96:79:F8:F3:80:07:64:9C:CC:B5:1E:1F:D1:92:3A:7A:DA:04:5A:6C:AB:93:49:43:E3:A1:B1:DE:03:9D:53:C6:41:D9:D6:A1:C6:F4:F6:D5:04:5A:3D:10:C7:92:6B:90:06:FE:CD:1D:6A:EE:E6:4C:54:E8:9C:AE:34:AB:51:D4:C3:66:97:CC:09:CD:40:2B:86:9D:EF:2E:96:79:32:FC:EB:86:DD:3D:6C:A6:E9:F3:CF:9B:DD:B5:36:14:EF:EC:60:97:32:D9:13:AB:00:78:34:41:AE:63:A8:81:8F:85:80:DB:2B:A0:DE:E7:68:29:DA:5A:FB:64:CD:33:60:55:C6:F3:32:19:11:55:54:BA:D6:D4:A8:E1:99:FC:2F:21:56:F7:E1:3A:E5:BB:60:34:BB:4D:FD:D1:77:55:79:3C:B6:5D:B0:31:C3:E1:C6:24:8F:54:99:56:94:39:78:B5:32:56:5C:4A:CC:36:75:C7:83:C1:74:E3:EE:5E:D7:29:8F:B4:69:BB:0B:99:2C:E3:87:1D:6F:D9:04:2A:45:B3:04:2E:6C:20:9F:BD:96:66:9B:9C:BF:8B:BD:A7:86:B4:3B:47:93:71:A6:C9:AB:AD:1C:E3:22:FA:97:72:B2:40:47:A6:AE:19:D2:A8:C6--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------77: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 3e:c0:62:0f:e2:78 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------77: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 3e:c0:62:0f:e2:78 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci 3ec0620fe2780001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------77: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 3ec0620fe2780001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb