17
unknown
unknown
beakerlib-1.29.3-1.fc38.noarch
unknown
2023-01-12 09:50:06 EST
2023-01-12 09:52:59 EST
Fedora release 38 (Rawhide)
kvm-04-guest14.lab.eng.rdu2.redhat.com
unknown
1 x Intel Xeon Processor (Skylake, IBRS)
3726 MB
53.87 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.2.0-0.rc3.e8f60cd7db24.27.test.fc38.x86_64/kernel/drivers/net/macsec.ko.xzlicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecrhelversion: 9.99depends:retpoline: Yintree: Yname: macsecvermagic: 6.2.0-0.rc3.e8f60cd7db24.27.test.fc38.x86_64 SMP preempt mod_unloadsig_id: PKCS#7signer: Fedora kernel signing keysig_key: 6E:CA:BA:C7:B3:15:B5:41:C5:5A:55:B6:BD:11:17:5F:19:DA:18:CDsig_hashalgo: sha256signature: 42:FD:98:B7:98:88:BB:3F:53:01:A6:5E:88:E3:6A:86:97:FB:93:E8:03:B5:55:B6:2F:39:2C:59:8D:FB:0B:48:66:6F:54:36:F7:35:49:D9:4F:1F:BA:FA:FF:60:E1:CC:EB:C3:63:CE:E8:18:81:74:18:20:BE:53:7B:BA:16:61:07:26:3C:C5:C0:77:C2:68:68:1C:D9:36:F4:99:DE:35:3F:E8:1B:05:EE:DA:A6:C9:7B:46:9C:68:8C:C0:D3:01:A1:12:8B:C8:53:CB:75:85:CF:BE:1C:61:44:5F:23:BC:6B:85:1D:D1:A4:1B:BD:C9:1C:F3:D0:D0:62:8C:D2:C0:FD:6A:15:E8:55:40:0A:65:31:81:48:9E:3B:B5:BA:82:CD:37:3D:4A:BA:06:DB:78:A7:48:45:27:4B:73:FF:1A:CF:DC:4A:4B:FD:76:D1:DF:5D:8A:C7:E8:CB:6D:01:47:D9:75:57:6F:47:95:0C:89:FC:46:14:1B:3E:08:81:E6:D6:83:5E:87:ED:7D:8E:F0:12:BD:79:DF:9A:2A:11:FA:75:44:86:4F:72:23:C2:B4:0E:80:AC:42:C2:81:F9:93:87:A6:6F:A0:0B:7D:7F:B6:DF:DD:4D:BC:47:77:6F:BA:7D:4A:63:12:C2:D4:CB:AC:17:26:1B:A2:99:79:DC:93:10:F1:E9:F6:D8:51:5A:23:BE:79:96:5D:67:60:CD:EA:C1:BC:E8:AB:EC:6A:AB:5E:AA:F8:20:C8:D3:67:05:C6:40:8B:32:5A:A8:6A:43:F2:4C:F0:48:2D:04:B1:60:FA:3C:9C:84:F2:C5:F6:76:5F:32:D5:39:3F:5A:DA:11:5F:8A:47:81:62:4B:F9:6D:89:A8:86:D2:2B:C8:54:9A:A1:DF:DB:F0:F2:5E:89:00:4C:95:B8:DB:14:D6:E6:93:D8:64:0F:3D:AA:F7:98:C5:BF:D3:92:1E:ED:BB:A4:67:53:EA:CF:D4:86:92:62:06:27:0D:5D:9C:5E:10:9E:42:16:F2:DF:B9:B9:88:5C:76:BB:57:7F:F2:62:EC:04:DD:30:67:8D:82:B2:ED:FC:CA:A8:57:55:D6:E4:09:12:C1:30:14:45:3F:1E:EE:50:43:D3:67:E1:B8:DF:51:2A:4E:3C:F8:B3:9B:C2:2E:B5:85:11:15:62:84:04:C5:1B:95:B9:FF:BC:28:D5:3D:A9:BB:2E:AE:63:19:78:57:19:9E:8F:53:FE:22:FD:61:C9:37:58:35:84:72:43:2B:83:03:D7:49:C6:6E:6B:9F:98:28:12:8E:40:62:EC:62:1C:E1:3B:43:E1:B1:B5:F5:33:01:AF:19:05:DD:15:DA:B2:B8:D8--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------85: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 32:ff:24:46:fe:c6 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------85: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 32:ff:24:46:fe:c6 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci 32ff2446fec60001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------85: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 32ff2446fec60001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb