16
unknown
unknown
beakerlib-1.29.3-2.fc38.noarch
unknown
2023-02-05 00:27:05 EST
2023-02-05 00:30:40 EST
Fedora release 38 (Rawhide)
ibm-p9z-16-lp2.khw3.lab.eng.bos.redhat.com
unknown
0 x
16247 MB
99.86 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.2.0-rc6/kernel/drivers/net/macsec.koalias: rtnl-link-macsecalias: net-pf-16-proto-16-family-macsecdescription: MACsec IEEE 802.1AElicense: GPL v2vermagic: 6.2.0-rc6 SMP mod_unload relocatablename: macsecintree: Ydepends:sig_id: PKCS#7signer: Build time autogenerated kernel keysig_key: 5C:FF:51:FA:C0:3E:92:B5:F9:3A:53:55:56:58:5E:3D:E9:6C:BA:26sig_hashalgo: sha512signature: 85:5F:1C:FD:EC:40:F2:03:4D:E5:C3:5A:E5:62:84:12:2F:54:BD:73:FA:72:EA:23:28:87:5A:F9:FC:A1:EC:F4:0B:8C:E7:3B:37:F3:3F:4F:66:57:9A:00:95:7F:C1:65:F7:F3:51:49:64:71:94:45:44:94:E3:1D:5C:79:6C:26:B7:94:40:98:8E:74:F5:3C:EB:1E:EB:78:96:22:CD:A6:F2:0C:82:24:C4:10:57:6B:35:7C:F3:9E:1B:08:EE:84:73:41:D6:F5:73:66:6B:B9:3A:99:F8:1F:7B:DE:42:50:4F:BC:89:09:C8:E1:49:29:F5:46:93:E4:2F:B2:4F:5E:D9:E8:94:AA:A2:03:61:72:C3:0B:8C:7F:0F:BB:53:A5:40:24:B2:DB:91:D8:A7:F6:FB:F0:70:16:A5:C0:59:F2:CF:B2:37:0E:5A:29:7D:C0:26:FC:7D:CF:B1:5A:9E:1C:C7:60:56:F6:E1:8B:1D:0C:CB:DA:46:26:D3:A7:CA:EF:98:4F:F0:A0:20:14:25:01:96:86:8A:7D:FA:5B:25:3B:F9:F7:A3:33:3A:FB:AE:F8:32:B8:36:F6:EB:59:37:51:3B:AD:35:F0:E7:28:F3:13:2A:48:AD:A2:05:81:CB:FF:4A:17:60:CA:39:24:BD:7E:9E:BC:20:40:B4:8D:4E:6C:10:5F:E3:A5:A6:71:55:69:F6:CB:E5:58:FC:B8:C0:99:25:B5:2C:1D:E9:F0:5A:AC:72:B8:14:91:17:02:F3:FB:FF:EF:48:83:BF:CF:C8:AB:A8:F2:2C:8E:49:A3:11:BB:4D:C0:A0:83:B3:78:90:4E:3C:DB:E3:20:E7:BA:27:BE:0F:29:91:E6:93:96:5C:B8:44:5D:D5:5B:94:F7:97:ED:9E:65:26:22:A8:2C:B3:A6:DD:CC:C9:8A:A2:9E:F5:05:1F:C6:E4:A9:62:FF:81:5E:7F:CE:7A:0A:4A:BC:87:1A:D7:94:83:23:1D:2C:BD:AC:EA:72:C8:2C:DC:C1:C5:84:72:00:3D:E4:4D:44:91:BE:B0:E6:BC:5F:40:90:F4:D3:93:D0:59:12:82:53:E6:41:80:CD:A0:DA:74:AE:11:DA:48:B9:DD:9F:20:DA:62:CC:14:8C:85:AF:10:A7:25:33:1F:97:24:8A:AD:AA:94:A6:DB:B2:78:09:D3:68:52:6D:03:89:38:3E:DA:8B:67:4B:57:A9:62:9F:AE:D3:EF:48:79:66:78:0E:62:34:4C:A8:BE:AE:11:C5:0C:99:FE:FA:FE:1F:24:4A:47:BF:70:B6:82:6A:A1:BC:41:D6:7F:2C:7B:22:29:31:C8:4C:EF:C2:80:DA:A9:29:8E:74:EB:AD--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> | xpn <u64> ] [ salt SALT ] [ ssci <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }SALT := 96-bit hex string--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------81: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 0a:f6:7a:ce:17:51 brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------81: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000link/ether 0a:f6:7a:ce:17:51 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 0 maxmtu 65535macsec sci 0af67ace17510001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------81: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: 0af67ace17510001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb