16
unknown
unknown
beakerlib-1.29.3-2.fc38.noarch
unknown
2023-02-05 09:33:45 EST
2023-02-05 09:37:14 EST
Fedora release 38 (Rawhide)
ibm-p9z-06-lp10.khw3.lab.eng.bos.redhat.com
unknown
0 x
16247 MB
74.86 GB
MACsec sanity check
1. Module load unload
Load macsec driver, configure some SC/SA then unload the
driver, repeat the loop 50 times.
2. Configuration
Setup macsec between 2 hosts and do basic check, should cover
ip-macsec options as many as possible
3. Run basic network traffic
4. MTU check
Output of 'modinfo macsec':--------------- OUTPUT START ---------------filename: /lib/modules/6.2.0-0.rc6.837c07cf68fe.49.test.fc38.ppc64le/kernel/drivers/net/macsec.ko.xzalias: rtnl-link-macsecalias: net-pf-16-proto-16-family-macsecdescription: MACsec IEEE 802.1AElicense: GPL v2vermagic: 6.2.0-0.rc6.837c07cf68fe.49.test.fc38.ppc64le SMP mod_unload relocatablename: macsecintree: Ydepends:rhelversion: 9.99sig_id: PKCS#7signer: Fedora kernel signing keysig_key: 35:67:DB:4E:DA:F9:11:96:07:B7:5D:66:32:46:20:18:B9:90:09:60sig_hashalgo: sha256signature: 96:46:66:E2:20:F8:28:4B:5F:74:B6:A4:EA:12:91:05:C8:5D:DD:C9:45:8B:F4:DD:5F:FA:B4:8F:A8:3E:3E:14:47:68:20:A6:C7:BE:11:63:B3:87:C4:97:1B:FC:B6:F0:FF:DD:B9:33:33:25:75:B1:6E:E4:F2:93:21:6F:56:A9:86:BB:05:1B:3B:BB:BA:45:38:C2:21:48:31:BC:C4:2F:D7:B0:F8:06:E0:37:CA:69:3C:A5:6A:23:70:0D:F9:AF:4F:EC:75:CC:86:5E:4F:BB:31:EA:02:50:60:37:A1:A0:65:46:6A:9A:DD:52:14:D3:40:DE:36:6A:C5:30:63:E0:C5:A9:BA:B1:87:30:DE:E5:C4:8E:DE:8A:82:EF:7B:BF:FC:57:47:07:5B:DB:AD:E5:E6:BE:7F:50:B2:4D:33:10:60:EE:47:9F:FB:6D:F3:5B:BA:57:25:31:F9:BC:0C:32:2E:F5:81:72:12:54:1D:6E:5E:B7:6B:1B:D3:65:29:04:29:9F:35:01:B1:2E:9C:AE:B1:70:78:E1:0C:CC:D4:E3:51:3C:42:F8:E4:A6:B8:46:9F:94:B4:A1:AF:38:A4:85:CC:65:B8:7A:C9:9F:CD:BF:BC:3A:F6:F3:EB:F6:85:7D:05:FF:5E:02:24:23:83:FE:1F:AC:D4:DE:17:27:B1:45:0B:85:94:BE:3E:31:88:FF:C0:2A:5A:80:83:43:88:10:B2:67:FB:BE:13:E8:DE:BB:2B:48:48:73:63:8B:9C:CA:BA:47:9B:AE:04:BD:CA:37:C2:53:72:19:10:80:84:FE:12:44:E2:9A:AF:43:02:CA:5B:DF:1E:87:F9:88:DE:E3:09:24:BC:2D:2E:F8:45:99:FA:61:F5:EA:CB:E8:67:D0:B2:4F:46:FC:16:92:63:1D:17:BA:50:3F:5F:74:95:AC:B7:A2:05:64:1C:23:A4:62:7C:C8:1C:38:FD:3E:38:87:8D:0A:F2:9A:32:01:62:C5:EF:63:50:96:13:DD:5A:4B:0A:B6:97:A0:A7:D2:D8:58:E0:6E:7F:30:A5:54:CB:5D:07:2B:BC:E5:69:87:B8:FA:DE:BF:71:54:1A:00:1B:24:C5:A5:F2:83:62:50:C0:FF:86:D6:9C:B2:FA:EA:45:92:14:B6:D9:1B:FF:D7:E0:C8:9A:83:7B:38:08:08:A6:7E:62:DE:65:7B:9A:1F:8F:3B:F3:97:22:F4:4F:4B:91:0E:37:49:D0:EC:02:B3:59:3C:A0:19:AF:59:63:0B:9F:83:79:03:9F:49:76:4E:1B:F6:D7:2B:1D:1F:B2:76:B6:7B:5D:F2:7A:E0:4A:C0:B6:2A:F2:71:00:F0:42:B5:E2:97--------------- OUTPUT END ---------------PASSPASSOutput of 'ip macsec help':--------------- OUTPUT START ---------------Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV tx sa { 0..3 } [ OPTS ]ip macsec del DEV tx sa { 0..3 }ip macsec add DEV rx SCI [ on | off ]ip macsec set DEV rx SCI [ on | off ]ip macsec del DEV rx SCIip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEYip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]ip macsec del DEV rx SCI sa { 0..3 }ip macsec showip macsec show DEVip macsec offload DEV [ off | phy | mac ]where OPTS := [ pn <u32> | xpn <u64> ] [ salt SALT ] [ ssci <u32> ] [ on | off ]ID := 128-bit hex stringKEY := 128-bit or 256-bit hex stringSCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }SALT := 96-bit hex string--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSOutput of 'ip link show ttt':--------------- OUTPUT START ---------------82: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether b2:e5:77:7b:38:7b brd ff:ff:ff:ff:ff:ff--------------- OUTPUT END ---------------PASSOutput of 'ip -d link show ttt':--------------- OUTPUT START ---------------82: ttt@dummy0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether b2:e5:77:7b:38:7b brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 0 maxmtu 65535macsec sci b2e5777b387b0001 protect on cipher GCM-AES-128 icvlen 16 encodingsa 0 validate strict encrypt off send_sci on end_station off scb off replay off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536--------------- OUTPUT END ---------------PASSOutput of 'ip macsec show ttt':--------------- OUTPUT START ---------------82: ttt: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay offcipher suite: GCM-AES-128, using ICV length 16TXSC: b2e5777b387b0001 on SA 0offload: off--------------- OUTPUT END ---------------PASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPASSPhases fingerprint: qYP1zJ4NAsserts fingerprint: xlgG/dyb