18
unknown
unknown
beakerlib-1.29.3-1.fc38.noarch
unknown
2023-01-16 13:59:01 EST
2023-01-16 14:02:05 EST
Fedora release 38 (Rawhide)
ampere-mtsnow-altramax-01-vm-14.lab.eng.rdu2.redhat.com
unknown
0 x
34995 MB
61.86 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.1.6/kernel/drivers/net/macsec.kolicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecdepends:intree: Yname: macsecvermagic: 6.1.6 SMP preempt mod_unload aarch64sig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 6E:F9:2C:3A:8C:86:D2:A8:75:DF:E5:88:8B:AF:F7:AC:B5:A8:81:CBsig_hashalgo: sha512signature: 21:E9:10:F9:E6:56:CB:E6:25:70:20:D3:86:37:50:04:A2:C0:E6:A7:58:15:C1:C8:19:E2:91:7A:6A:60:F5:66:D3:6D:8B:19:18:97:CD:BE:7A:DB:51:81:8A:F5:72:4D:0B:8C:95:48:3F:89:FF:6C:95:0A:5A:7C:12:FE:E8:7D:34:1C:F6:63:05:2D:EF:6E:47:57:9D:E4:7E:83:1A:CC:CA:CD:B7:5C:E2:C7:DF:5A:9A:F4:D3:A3:17:2D:C4:95:ED:B2:6C:E1:6A:04:57:B3:05:A3:59:FC:D5:F3:DD:39:1F:10:2E:9C:65:78:F3:1A:5E:24:4B:B7:E4:C3:1B:1E:8D:3A:F7:01:32:62:40:98:3B:B8:BF:38:5F:7B:AE:05:C4:DD:E5:14:90:F7:5C:CA:06:03:7F:56:AA:DC:C7:D6:F3:92:64:A2:3C:37:1F:35:76:AD:6A:78:6C:46:D2:4F:8E:1A:09:27:C5:65:B1:C2:0E:3F:F6:23:A2:D1:FD:B7:02:3E:FB:37:41:B2:D7:E7:1B:1E:6F:FF:4B:05:27:08:59:1A:C6:D6:62:90:04:7B:3C:A4:EA:D7:0B:45:28:10:80:94:42:98:F7:C4:23:D5:F5:F1:5D:C9:67:A9:66:89:15:CE:03:14:A4:10:37:F5:94:2E:53:1B:D8:26:58:11:D4:A2:AD:D5:F3:8D:F2:87:BF:C8:41:D4:69:57:8E:28:B8:7B:3F:90:E4:09:D0:41:97:6A:B8:76:DD:8E:5C:D1:44:E8:5E:83:E5:06:CA:F5:68:88:D1:47:F0:54:AB:9D:7D:F6:45:DF:C9:B6:6A:71:A4:69:FB:75:F5:A8:C5:2F:53:1D:A7:2E:9A:D8:A2:65:28:68:07:6C:B6:58:02:3D:D6:4F:B6:B3:D8:EB:64:F2:89:8A:13:64:7D:88:36:95:E5:A6:2F:00:D5:1D:D4:83:BC:B6:30:31:DB:4E:96:7B:14:6E:72:D3:C0:67:5F:FD:BC:51:00:A3:EF:25:6E:0B:BB:E9:97:C5:17:B0:AC:D9:BC:55:9E:EF:BB:6C:13:2B:DC:45:16:AC:C3:6E:32:69:E8:2D:15:83:63:5A:99:55:10:B7:65:C8:37:CB:D0:6A:A6:05:E2:B8:21:55:1D:0E:3F:6D:38:34:13:F2:96:C8:AD:F8:2A:F2:C2:F5:C4:F3:99:CC:22:34:FE:88:C9:13:BB:A9:B6:C9:C3:31:95:59:2F:6D:68:68:E0:7A:5B:E6:D4:AD:94:9C:01:44:D7:44:DD:94:11:3A:6F:A9:6B:25:45:5B:CA:5E:08:4C:99:99:95:CF:E4:CF:A1:92:03:49:0F:FB:F0:B9:DA:FA:8C:FB--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------82: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 8a:0a:9c:1f:9b:a8 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------82: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 8a:0a:9c:1f:9b:a8 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci 8a0a9c1f9ba80001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------82: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 8a0a9c1f9ba80001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb