15
unknown
unknown
beakerlib-1.29.3-2.fc38.noarch
unknown
2023-01-30 08:49:19 EST
2023-01-30 08:52:07 EST
Fedora release 38 (Rawhide)
ibm-z-501.lab.eng.rdu2.redhat.com
unknown
0 x
5994 MB
38.08 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.2.0-0.rc6.44.test.fc38.s390x/kernel/drivers/net/macsec.ko.xzalias: rtnl-link-macsecalias: net-pf-16-proto-16-family-macsecdescription: MACsec IEEE 802.1AElicense: GPL v2vermagic: 6.2.0-0.rc6.44.test.fc38.s390x SMP mod_unloadname: macsecintree: Ydepends:rhelversion: 9.99sig_id: PKCS#7signer: Fedora kernel signing keysig_key: 0B:69:60:9E:76:C7:84:B2:34:C8:DF:B6:66:48:9C:FF:9B:30:6E:38sig_hashalgo: sha256signature: 74:E6:72:9C:0D:6C:0A:46:2C:8A:8C:FE:C3:3B:FB:12:FC:B6:55:0F:CA:21:C9:A8:12:1C:F2:96:9C:9A:FC:19:6F:12:CF:9F:32:80:EF:CD:08:D4:F2:33:EB:08:CC:91:CE:A2:D6:A5:70:10:1A:27:0D:80:0F:41:1D:49:35:57:36:32:04:32:FC:A2:B5:5C:F9:6E:4C:0F:D6:D3:4D:DA:13:6A:94:79:8F:D6:0D:6D:11:46:28:95:89:D7:1E:B2:1E:A2:43:EC:59:17:9D:B0:1A:34:90:E0:EE:B9:8C:61:F6:98:75:15:37:F7:5A:05:B5:CB:05:ED:D6:DD:53:41:B6:ED:DF:65:6A:2A:CF:EF:C1:12:C4:E4:E8:A4:5B:FA:90:57:A1:CA:24:8D:F7:CA:9B:38:CD:47:B9:AB:D5:AC:48:34:1C:A9:C7:28:9A:F7:2C:24:99:B4:A5:6B:CC:08:91:69:EE:0A:22:BB:F7:7E:1C:60:B5:A6:99:E1:DA:70:1F:18:DC:7E:D2:D9:2E:5E:89:5C:E4:A4:AE:5F:30:B3:B9:78:FB:CC:FB:7D:A7:0A:F9:B7:20:44:73:1C:89:C3:B6:18:3E:B0:04:76:15:84:A0:A8:62:A4:1F:95:B9:80:99:57:55:1D:1E:DF:A6:97:18:87:B2:A2:D3:46:DC:40:B2:0C:86:63:3E:25:93:3F:E1:36:3A:10:63:59:17:08:3A:15:49:AE:DB:A7:68:40:25:64:03:48:C5:04:F0:A7:A4:5C:22:91:9A:C7:66:BC:D9:32:67:E3:52:F7:EF:4E:8D:2E:6B:BC:E0:E4:38:4B:EC:CE:B2:CE:95:03:24:33:5D:21:86:B4:47:85:1D:F2:52:CB:2A:11:48:73:F4:B8:77:BA:2B:ED:68:37:B8:F9:E8:6D:41:0E:A6:BE:6A:68:10:6B:E7:86:C5:6D:8E:7A:6E:F1:A7:FC:C0:BB:E8:72:33:E2:9C:E9:3E:7B:F3:CB:91:A4:82:1A:22:A0:CC:E6:34:A3:35:0F:BA:AF:7E:66:0E:9D:23:88:E2:E4:68:58:31:8B:B1:B2:8D:C8:81:0D:12:80:B6:BA:FD:4D:79:B9:52:85:FF:34:48:C8:97:42:A3:2D:E7:28:DC:EA:EB:0C:79:1D:F4:FE:AD:DE:4C:26:CC:71:FE:1D:B5:EC:A2:DC:9A:9A:C0:80:CA:CF:B0:94:43:B8:36:CB:8F:57:E2:A6:7C:EB:0E:F1:A0:A7:C6:81:A0:DF:05:6E:60:8C:CE:15:BE:9D:AE:D4:CD:54:B8:79:9B:C4:58:E0:2F:58:92:4E:02:77:88:AB:CB:8A:D4:88:45:E9:DE:E4:8A:CB:A7:8B--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> | xpn <u64> ] [ salt SALT ] [ ssci <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }SALT := 96-bit hex string--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------79: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether c6:49:e9:d8:49:3b brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------79: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether c6:49:e9:d8:49:3b brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 0 maxmtu 65535macsec sci c649e9d8493b0001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------79: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: c649e9d8493b0001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb