12
unknown
unknown
beakerlib-1.27-3.el9.noarch
unknown
2023-01-30 02:33:25 CET
2023-01-30 02:36:27 CET
CentOS Stream release 9
kvm-02-guest05.rhts.eng.brq.redhat.com
x86_64
1 x Intel Core Processor (Broadwell, IBRS)
3408 MB
56.00 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/5.14.0-247.rt14.248.1955_761016865.el9.x86_64/kernel/drivers/net/macsec.ko.xzlicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecrhelversion: 9.2srcversion: 8A5A7AEABEAD7A546468079depends:retpoline: Yintree: Yname: macsecvermagic: 5.14.0-247.rt14.248.1955_761016865.el9.x86_64 SMP preempt_rt mod_unload modversionssig_id: PKCS#7signer: CentOS Stream kernel signing keysig_key: 14:4A:A9:9E:A3:20:36:3D:C8:15:D8:5E:D5:55:B7:3F:12:A6:CC:72sig_hashalgo: sha256signature: AA:43:1B:F4:0C:B6:3D:98:B1:53:D7:1B:70:CD:78:8E:E5:92:BC:8E:BF:1D:88:B6:D6:5E:56:95:D2:FC:D9:67:EA:FA:F1:8F:75:49:71:14:8D:1D:A6:1F:57:A7:F2:E8:9F:9C:24:C4:51:48:79:47:79:D2:13:7D:1C:A1:33:B5:91:4A:37:C8:B0:02:4C:C3:A3:E2:82:53:38:B1:73:A4:BE:90:01:8C:66:C6:0E:73:35:1B:A1:79:0C:B3:4B:47:1C:9C:8E:43:C1:B0:49:B4:3D:13:40:A7:92:60:D2:61:CF:29:EB:9E:8D:07:7A:77:9D:44:FB:1F:7D:5E:17:E9:E3:48:A0:0B:2D:3C:62:D4:00:3D:6D:17:D8:6A:76:AB:F6:52:16:1C:74:B5:20:80:3E:1D:6D:C6:D7:BF:4F:1B:B8:E5:82:47:A1:A7:D4:0A:BB:D9:16:39:48:60:CE:0E:D7:57:86:7A:2C:EB:0B:D8:88:7A:72:42:E2:67:FB:92:8F:42:E5:2D:0F:6F:DF:48:96:69:4B:B0:D5:15:72:B1:C3:E8:3C:93:A6:05:C7:A2:73:21:F3:A8:F8:37:C2:06:4A:82:AE:C7:1C:F5:6B:3F:02:45:C7:7E:BD:01:AF:1A:6D:AF:FD:48:43:1F:67:D2:9E:B0:80:CA:E8:7D:9E:4C:BA:43:31:6D:AC:73:D4:14:88:67:DB:D7:1C:AD:AA:1A:51:EB:46:2D:35:7C:49:B8:B0:65:CD:91:74:62:93:13:75:E7:4B:BC:A4:DC:8E:81:6B:3D:1F:C0:C7:97:43:F6:72:3B:80:8E:75:8B:DB:E1:92:9C:A6:23:CC:18:A4:6E:74:6B:E8:79:8F:D5:2C:51:D7:0E:C7:6A:02:E7:88:ED:F6:DC:3D:38:E2:07:BB:49:2A:E5:35:3D:50:D0:6E:5E:C2:53:74:07:5E:58:92:A3:35:84:54:40:E2:D9:45:3A:37:DD:CB:58:AE:5D:B9:E9:EE:36:5C:FF:43:BF:B5:03--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------60: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether d2:a8:67:4b:bc:52 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------60: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether d2:a8:67:4b:bc:52 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci d2a8674bbc520001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------60: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: d2a8674bbc520001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASS