mirror of
https://github.com/systemd/systemd.git
synced 2024-12-23 21:35:11 +03:00
test-network: add tests for MACsec
This commit is contained in:
parent
e57319dd54
commit
02849d8b4f
1
test/test-network/conf/25-macsec.key
Normal file
1
test/test-network/conf/25-macsec.key
Normal file
@ -0,0 +1 @@
|
||||
85858585858585858585858585858585
|
68
test/test-network/conf/25-macsec.netdev
Normal file
68
test/test-network/conf/25-macsec.netdev
Normal file
@ -0,0 +1,68 @@
|
||||
[NetDev]
|
||||
Name=macsec99
|
||||
Kind=macsec
|
||||
|
||||
[MACsec]
|
||||
Port=11
|
||||
Encrypt=yes
|
||||
|
||||
[MACsecTransmitAssociation]
|
||||
PacketNumber=1024
|
||||
KeyId=01
|
||||
Key=81818181818181818181818181818181
|
||||
Activate=yes
|
||||
|
||||
[MACsecTransmitAssociation]
|
||||
PacketNumber=512
|
||||
KeyId=0203
|
||||
Key=82828282828282828282828282828282
|
||||
UseForEncoding=yes
|
||||
|
||||
[MACsecReceiveChannel]
|
||||
Port=2
|
||||
MACAddress=8c:16:45:6c:83:a9
|
||||
|
||||
[MACsecReceiveAssociation]
|
||||
Port=2
|
||||
MACAddress=8c:16:45:6c:83:a9
|
||||
PacketNumber=16
|
||||
KeyId=020304
|
||||
Key=83838383838383838383838383838383
|
||||
|
||||
[MACsecReceiveAssociation]
|
||||
Port=256
|
||||
MACAddress=c6:19:52:8f:e6:a0
|
||||
PacketNumber=32
|
||||
KeyId=02030405
|
||||
Key=84848484848484848484848484848484
|
||||
Activate=yes
|
||||
|
||||
[MACsecReceiveAssociation]
|
||||
Port=256
|
||||
MACAddress=c6:19:52:8f:e6:a0
|
||||
PacketNumber=128
|
||||
KeyId=0203040506
|
||||
KeyFile=/run/systemd/network/25-macsec.key
|
||||
Activate=yes
|
||||
|
||||
[MACsecReceiveAssociation]
|
||||
Port=256
|
||||
MACAddress=c6:19:52:8f:e6:a0
|
||||
KeyId=020304050607
|
||||
Key=86868686868686868686868686868686
|
||||
Activate=no
|
||||
|
||||
[MACsecReceiveAssociation]
|
||||
Port=256
|
||||
MACAddress=c6:19:52:8f:e6:a0
|
||||
KeyId=02030405060708
|
||||
Key=87878787878787878787878787878787
|
||||
Activate=no
|
||||
|
||||
[MACsecReceiveAssociation]
|
||||
# This section should be dropped.
|
||||
Port=256
|
||||
MACAddress=c6:19:52:8f:e6:a0
|
||||
KeyId=0203040506070809
|
||||
Key=88888888888888888888888888888888
|
||||
Activate=no
|
6
test/test-network/conf/25-macsec.network
Normal file
6
test/test-network/conf/25-macsec.network
Normal file
@ -0,0 +1,6 @@
|
||||
[Match]
|
||||
Name=macsec99
|
||||
|
||||
[Network]
|
||||
IPv6AcceptRA=no
|
||||
Address=10.1.2.3/16
|
9
test/test-network/conf/macsec.network
Normal file
9
test/test-network/conf/macsec.network
Normal file
@ -0,0 +1,9 @@
|
||||
[Match]
|
||||
Name=dummy98
|
||||
|
||||
[Link]
|
||||
MACAddress=00:50:56:c0:00:19
|
||||
|
||||
[Network]
|
||||
IPv6AcceptRA=no
|
||||
MACsec=macsec99
|
@ -290,6 +290,9 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
|
||||
'25-ipip-tunnel.netdev',
|
||||
'25-ipvlan.netdev',
|
||||
'25-isatap-tunnel.netdev',
|
||||
'25-macsec.key',
|
||||
'25-macsec.netdev',
|
||||
'25-macsec.network',
|
||||
'25-sit-tunnel-local-any.netdev',
|
||||
'25-sit-tunnel-remote-any.netdev',
|
||||
'25-sit-tunnel.netdev',
|
||||
@ -322,6 +325,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
|
||||
'ipip.network',
|
||||
'ipvlan.network',
|
||||
'isatap.network',
|
||||
'macsec.network',
|
||||
'macvlan.network',
|
||||
'macvtap.network',
|
||||
'sit.network',
|
||||
@ -875,6 +879,35 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
|
||||
self.assertRegex(output, 'remcsumrx')
|
||||
self.assertRegex(output, 'gbp')
|
||||
|
||||
def test_macsec(self):
|
||||
self.copy_unit_to_networkd_unit_path('25-macsec.netdev', '25-macsec.network', '25-macsec.key',
|
||||
'macsec.network', '12-dummy.netdev')
|
||||
self.start_networkd(0)
|
||||
|
||||
self.wait_online(['dummy98:degraded', 'macsec99:routable'])
|
||||
|
||||
output = subprocess.check_output(['ip', '-d', 'link', 'show', 'macsec99']).rstrip().decode('utf-8')
|
||||
print(output)
|
||||
self.assertRegex(output, 'macsec99@dummy98')
|
||||
self.assertRegex(output, 'macsec sci [0-9a-f]*000b')
|
||||
self.assertRegex(output, 'encrypt on')
|
||||
|
||||
output = subprocess.check_output(['ip', 'macsec', 'show', 'macsec99']).rstrip().decode('utf-8')
|
||||
print(output)
|
||||
self.assertRegex(output, 'encrypt on')
|
||||
self.assertRegex(output, 'TXSC: [0-9a-f]*000b on SA 1')
|
||||
self.assertRegex(output, '0: PN [0-9]*, state on, key 01000000000000000000000000000000')
|
||||
self.assertRegex(output, '1: PN [0-9]*, state on, key 02030000000000000000000000000000')
|
||||
self.assertRegex(output, 'RXSC: c619528fe6a00100, state on')
|
||||
self.assertRegex(output, '0: PN [0-9]*, state on, key 02030405000000000000000000000000')
|
||||
self.assertRegex(output, '1: PN [0-9]*, state on, key 02030405060000000000000000000000')
|
||||
self.assertRegex(output, '2: PN [0-9]*, state off, key 02030405060700000000000000000000')
|
||||
self.assertRegex(output, '3: PN [0-9]*, state off, key 02030405060708000000000000000000')
|
||||
self.assertNotRegex(output, 'key 02030405067080900000000000000000')
|
||||
self.assertRegex(output, 'RXSC: 8c16456c83a90002, state on')
|
||||
self.assertRegex(output, '0: PN [0-9]*, state off, key 02030400000000000000000000000000')
|
||||
|
||||
|
||||
class NetworkdL2TPTests(unittest.TestCase, Utilities):
|
||||
|
||||
links =[
|
||||
|
Loading…
Reference in New Issue
Block a user