13
unknown
unknown
beakerlib-1.27-3.el9.noarch
unknown
2023-01-30 04:12:19 EST
2023-01-30 04:15:19 EST
CentOS Stream release 9
s390x-kvm-014.lab.eng.rdu2.redhat.com
s390x
0 x
7517 MB
111.96 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/5.14.0-247.1974_761207047.el9.s390x/kernel/drivers/net/macsec.ko.xzlicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecrhelversion: 9.2srcversion: 8A5A7AEABEAD7A546468079depends:intree: Yname: macsecvermagic: 5.14.0-247.1974_761207047.el9.s390x SMP mod_unload modversionssig_id: PKCS#7signer: CentOS Stream kernel signing keysig_key: 4A:64:9B:6F:DD:C8:A8:7E:22:C2:3C:02:42:BC:E0:82:2C:4A:BE:BFsig_hashalgo: sha256signature: 15:75:92:64:50:36:3B:50:A9:A5:DF:B2:BF:FF:B3:D1:D4:7D:B8:AD:85:E9:E6:E9:51:DA:EC:E4:BE:D0:D2:B6:7C:AC:4A:A4:F8:B7:0D:38:A7:5A:98:A8:9F:7A:87:BD:E3:B7:45:6E:89:FF:9C:E9:71:EB:04:77:C7:89:41:B4:65:F9:5E:BB:0F:7A:AA:FA:2E:C7:68:47:50:F3:82:F3:AB:24:F8:3C:72:40:A5:8A:7E:4D:F5:AF:0A:32:97:43:F3:2A:21:41:2F:6F:AE:FC:DF:9B:88:57:16:83:55:E3:40:15:43:35:FB:89:B8:F9:AA:CF:6A:1B:A0:07:7E:87:6B:10:8B:18:E0:F9:25:03:05:51:83:62:64:F8:ED:40:5C:F5:8F:59:4D:7C:5B:65:B6:8A:EF:6F:A2:36:D8:E9:F6:48:64:86:EF:23:E0:01:7C:D8:08:60:06:CF:E4:90:C2:8D:A4:CB:73:CA:FE:2D:77:0B:DB:3D:56:A1:71:F7:D2:FF:FB:97:A3:F1:50:CE:CF:E1:88:A0:22:54:E5:40:E6:43:A8:67:5A:22:6F:08:95:7B:25:77:36:DC:FE:E0:61:2D:BE:0E:DE:71:DB:BF:91:70:F6:16:9C:35:79:D7:66:31:65:A7:FE:AC:FA:41:24:E7:DF:7D:CD:98:D1:1D:92:14:4E:BE:0F:DD:54:37:84:89:BE:89:17:D5:CA:C9:AC:0F:CB:E0:53:9D:2B:80:6F:86:74:DF:96:24:C1:3E:76:21:5D:65:88:E2:10:94:AB:21:FC:D2:21:94:96:E4:24:E9:FB:FE:F8:A2:F9:D6:58:36:6A:8F:1B:BA:AD:50:AA:E0:67:0F:C5:1F:8E:B1:FA:41:0E:0E:6B:64:BC:B7:A9:C0:A8:03:4C:82:3D:6A:2C:88:10:86:90:0D:7F:BA:0E:2D:76:1E:7D:E1:B1:92:DF:F1:89:A8:BD:A3:5A:45:93:99:7F:8C:3E:B2:0A:81:1F:94:74:0C:DA:39:5A:9D--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------60: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether da:79:33:2d:d5:b0 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------60: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether da:79:33:2d:d5:b0 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535macsec sci da79332dd5b00001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------60: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: da79332dd5b00001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASS