17
unknown
unknown
beakerlib-1.29.3-2.fc38.noarch
unknown
2023-01-27 19:13:14 EST
2023-01-27 19:16:05 EST
Fedora release 38 (Rawhide)
kvm-02-guest10.lab.eng.rdu2.redhat.com
unknown
1 x Intel Xeon Processor (Skylake, IBRS)
3726 MB
53.87 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.2.0-rc5/kernel/drivers/net/macsec.koalias: rtnl-link-macsecalias: net-pf-16-proto-16-family-macsecdescription: MACsec IEEE 802.1AElicense: GPL v2vermagic: 6.2.0-rc5 SMP preempt mod_unloadname: macsecintree: Yretpoline: Ydepends:sig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 0B:DE:12:98:9F:11:A2:26:77:E2:56:05:63:BC:99:D2:B5:82:C8:9Csig_hashalgo: sha512signature: 41:C7:16:FF:37:26:34:D8:75:37:F4:B9:7C:4D:3E:09:1E:68:1A:22:DF:AB:4F:E3:C3:E1:9A:64:FC:9D:25:8E:93:4C:54:40:00:C4:64:06:34:49:A1:BC:85:6B:ED:DB:8B:E8:BB:93:40:9E:72:3C:6E:76:7B:52:61:FE:12:F7:A3:DF:64:2B:62:36:D3:3D:FA:71:5D:1E:A4:D8:1C:D5:82:EA:0A:7B:31:17:29:56:87:D9:87:38:40:4A:BC:17:99:76:76:92:AD:6E:0D:46:12:8C:D1:B3:B1:2F:E6:0D:DB:2E:66:8C:6A:50:EF:38:23:62:A3:3D:77:69:5E:51:D3:0E:D1:AA:1D:83:7E:92:C8:FE:35:12:CB:B2:AC:DC:B9:7A:CE:F3:36:6C:88:37:83:64:B9:91:2F:F3:14:73:51:76:4A:5C:FF:38:1C:BC:F3:42:38:CE:2C:90:CB:22:41:C6:BC:63:C8:B7:07:79:E8:A3:D8:4D:E9:97:05:65:55:1E:34:30:C1:CB:4E:33:2C:43:15:C9:1E:09:87:A6:87:2D:C1:F1:63:53:03:E9:06:CF:10:9E:7E:7C:48:88:AD:29:5A:6C:36:54:56:06:33:BA:4F:DE:A7:92:45:02:85:1B:B4:54:32:D9:6F:B4:E4:0C:F1:57:EB:43:8A:E5:A7:E1:8F:E1:2B:81:A1:28:F3:07:D5:B8:DD:57:37:48:90:9D:52:DC:7B:0F:4F:D1:B6:27:80:98:0D:0B:06:48:82:11:2A:90:56:9E:72:F1:58:EE:FC:BF:91:34:5C:6B:F5:6B:A9:86:FE:0E:3B:3F:D0:6F:DD:DA:FA:70:8B:98:E3:B6:42:C5:D0:60:03:C0:19:B5:9D:ED:B5:9C:B3:3C:43:AF:95:C4:FA:46:89:93:0B:A3:48:7B:36:B8:76:0E:45:47:98:2D:EF:CE:F1:BA:01:41:88:DA:FE:2A:D8:DC:89:37:AF:9A:44:09:99:5C:07:B5:4A:50:E9:4A:9F:CB:8B:78:AA:56:FD:5B:80:76:A0:B8:85:DD:84:F6:1A:1B:29:27:77:81:9E:51:1B:9B:38:1A:0F:E4:89:74:13:77:8D:38:F8:4D:10:37:70:67:44:B2:E1:B3:C7:50:82:B5:7B:AE:90:82:DD:E9:E3:AE:2A:62:BD:22:2F:89:DF:E4:47:2E:40:FD:1C:3F:28:05:13:35:61:15:87:48:46:57:4D:05:89:11:FD:AC:45:0C:BD:22:B7:A2:86:65:11:6B:93:8E:2F:F8:56:FB:7E:60:51:43:67:20:3B:51:57:21:A3:6C:43:7B:5E:9C:58:A1:13:90:97:22:DC:73:4B:D7--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------84: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 72:ad:9d:e8:d4:de brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------84: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 72:ad:9d:e8:d4:de brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci 72ad9de8d4de0001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------84: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 72ad9de8d4de0001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb