11
unknown
unknown
beakerlib-1.27-3.el9.noarch
unknown
2023-01-23 11:45:35 EST
2023-01-23 11:48:48 EST
CentOS Stream release 9
sweetpig-4.4a2m.lab.eng.bos.redhat.com
x86_64
4 x Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
14376 MB
461.90 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/5.14.0-241.rt14.242.1931_755032724.el9.x86_64/kernel/drivers/net/macsec.ko.xzlicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecrhelversion: 9.2srcversion: 8A5A7AEABEAD7A546468079depends:retpoline: Yintree: Yname: macsecvermagic: 5.14.0-241.rt14.242.1931_755032724.el9.x86_64 SMP preempt_rt mod_unload modversionssig_id: PKCS#7signer: CentOS Stream kernel signing keysig_key: 3D:8A:67:E8:70:71:87:13:68:CE:0A:B3:BF:57:DB:30:F7:ED:C8:35sig_hashalgo: sha256signature: 49:29:6A:5B:DB:5F:37:BB:54:AB:66:B1:C2:8A:A2:5C:80:69:94:DA:D8:9E:98:13:65:F2:B9:7B:29:29:D1:89:99:10:EB:67:A8:7E:33:C1:55:F1:32:79:8C:6E:6A:77:26:47:CF:3B:50:0C:30:2D:D8:58:47:7B:AD:7D:EA:96:90:56:8B:A6:0E:45:72:76:93:E7:65:21:3E:A1:1E:43:5C:3E:64:52:E4:6F:0E:14:34:B6:36:A3:C6:CA:1B:7B:77:5B:AA:10:5B:A0:F6:86:F6:7E:43:0E:A9:99:03:CE:53:EB:B6:33:9B:3B:00:8C:29:2E:26:EC:66:81:A5:54:18:52:94:69:63:AA:B3:07:30:28:29:A5:C3:39:5D:B4:8D:C4:CA:30:D9:6A:73:31:A8:F1:EC:E0:10:E6:D3:FC:43:2C:B7:2B:75:38:B9:7B:13:A2:71:78:89:08:DC:3D:B7:7F:8F:4A:F2:33:63:D4:E7:45:59:0D:6D:10:9B:7C:BF:76:F3:7B:35:88:59:D5:1A:04:21:12:93:05:1C:8F:B9:1C:AE:95:A8:DB:6B:92:A4:34:7E:CD:A1:9F:93:7A:8E:A3:5A:D8:49:F8:55:DD:7E:22:F4:13:9C:92:F4:AB:F2:23:FF:D2:A1:F2:66:F0:A8:F4:47:37:AF:2D:97:71:3D:3E:75:7C:ED:A4:11:30:4F:DE:9C:34:20:8A:D8:F1:89:BD:A0:F1:A1:32:0F:DD:2A:CE:16:AD:90:7F:A2:96:3E:CD:7B:A8:63:2F:CB:F8:65:C7:E2:AB:CC:B1:E3:25:80:6B:86:D6:77:9C:42:F6:EB:BD:EB:70:C3:7F:EF:A4:15:C2:E2:B2:BC:76:57:6F:57:E5:F2:40:3F:7C:5A:CD:2B:BA:DE:3A:6A:2F:0A:CC:E9:26:64:8B:51:6F:18:31:DB:F6:B6:5F:E1:61:50:DF:E2:97:97:BA:E0:CA:81:8A:FB:BF:C8:73:BC:F9:CA:6A:1E:4F:64:EF:54:2E:ED:9C--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------60: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 6a:eb:4e:8c:eb:af brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------60: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 6a:eb:4e:8c:eb:af brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci 6aeb4e8cebaf0001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------60: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 6aeb4e8cebaf0001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASS