20
unknown
unknown
beakerlib-1.29.1-1.fc37eng.noarch
unknown
2023-02-02 10:24:27 EST
2023-02-02 10:27:31 EST
Fedora release 38 (Rawhide)
kvm-04-guest30.hv2.lab.eng.bos.redhat.com
unknown
1 x Intel Xeon Processor (Skylake, IBRS)
7941 MB
45.77 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.2.0-0.rc6.9f266ccaa2f5.46.test.eln.x86_64/kernel/drivers/net/macsec.ko.xzlicense: GPL v2description: MACsec IEEE 802.1AEalias: net-pf-16-proto-16-family-macsecalias: rtnl-link-macsecrhelversion: 9.99srcversion: 82004C3DDA3C2F87ED9229Edepends:retpoline: Yintree: Yname: macsecvermagic: 6.2.0-0.rc6.9f266ccaa2f5.46.test.eln.x86_64 SMP preempt mod_unload modversionssig_id: PKCS#7signer: Red Hat Enterprise Linux kernel signing keysig_key: 14:36:36:78:84:56:26:4E:2C:E4:D1:AC:5D:9B:05:FF:2D:A9:71:B1sig_hashalgo: sha256signature: 6B:67:66:BC:D2:84:C6:68:38:E6:57:16:C4:7A:F7:EE:27:63:8B:DA:98:64:F7:A2:77:04:C0:75:63:3D:69:32:38:9E:1B:A4:CB:F3:1C:12:E4:67:03:85:E5:C8:33:32:7D:76:01:69:F6:2A:32:54:94:67:11:D0:89:32:29:8B:19:AE:AF:47:2C:75:17:E0:FB:BB:A8:A4:0F:CE:AC:3E:34:FE:28:16:C1:AF:C1:65:EB:34:54:C7:F7:15:87:E2:CE:F1:2F:3F:82:AD:7E:9E:0E:F5:01:8B:47:B9:2B:3A:79:BB:D2:8F:44:CB:1B:F2:78:CC:8A:CD:46:9A:42:03:F6:8B:EE:B1:3C:65:65:82:52:2B:87:53:9C:90:EE:35:79:C9:98:A3:F8:0F:CB:75:32:7D:32:C6:D3:F8:D8:F6:41:3B:10:B0:DA:84:7A:8A:EA:42:A3:78:21:E9:DD:06:36:25:53:19:94:BB:FB:1C:8A:6D:77:29:BA:D4:E6:27:08:1F:B4:C6:D9:1C:1E:A8:90:91:2F:62:74:4D:61:55:3D:73:92:83:12:6B:2D:3B:15:26:36:A6:D0:BD:9C:D4:D1:06:C1:7B:09:0C:81:FB:24:11:70:C4:89:9E:D1:D4:F3:FE:95:01:B4:59:A3:1B:4A:94:82:9C:7A:2B:C8:2A:3E:F4:37:C2:6E:F8:F0:9D:2C:BE:FA:70:6D:65:09:CB:EB:08:29:DC:F9:F0:40:C2:5C:8A:54:CA:97:FD:23:4B:16:EC:0C:7B:50:C8:2C:EC:59:C7:4D:35:D9:5C:C9:60:8A:27:04:FD:3A:63:2D:69:FD:18:F2:E0:E5:1E:08:3F:EC:23:27:E1:C7:57:7F:56:09:F7:69:E1:E2:12:79:84:34:C0:8C:BC:E9:70:90:E4:AB:A2:54:13:0E:D0:89:D8:2B:67:BB:8A:23:61:AE:6F:C7:18:19:91:EE:90:F8:D0:1C:3B:C2:29:B3:C2:C9:29:01:D4:19:5A:79:04:08:F5--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> | xpn <u64> ] [ salt SALT ] [ ssci <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }SALT := 96-bit hex string--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------89: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 8a:1b:e4:2a:31:6c brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------89: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether 8a:1b:e4:2a:31:6c brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 0 maxmtu 65535macsec sci 8a1be42a316c0001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------89: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 8a1be42a316c0001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: HEJWQ6GAAsserts fingerprint: MDZC8DyM