From 02849d8b4fa4199678182de0c9768ddbb94ae9e5 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 5 Apr 2019 15:58:50 +0900 Subject: [PATCH] test-network: add tests for MACsec --- test/test-network/conf/25-macsec.key | 1 + test/test-network/conf/25-macsec.netdev | 68 +++++++++++++++++++++ test/test-network/conf/25-macsec.network | 6 ++ test/test-network/conf/macsec.network | 9 +++ test/test-network/systemd-networkd-tests.py | 33 ++++++++++ 5 files changed, 117 insertions(+) create mode 100644 test/test-network/conf/25-macsec.key create mode 100644 test/test-network/conf/25-macsec.netdev create mode 100644 test/test-network/conf/25-macsec.network create mode 100644 test/test-network/conf/macsec.network diff --git a/test/test-network/conf/25-macsec.key b/test/test-network/conf/25-macsec.key new file mode 100644 index 0000000000..56c51fa9f7 --- /dev/null +++ b/test/test-network/conf/25-macsec.key @@ -0,0 +1 @@ +85858585858585858585858585858585 diff --git a/test/test-network/conf/25-macsec.netdev b/test/test-network/conf/25-macsec.netdev new file mode 100644 index 0000000000..9b603ca039 --- /dev/null +++ b/test/test-network/conf/25-macsec.netdev @@ -0,0 +1,68 @@ +[NetDev] +Name=macsec99 +Kind=macsec + +[MACsec] +Port=11 +Encrypt=yes + +[MACsecTransmitAssociation] +PacketNumber=1024 +KeyId=01 +Key=81818181818181818181818181818181 +Activate=yes + +[MACsecTransmitAssociation] +PacketNumber=512 +KeyId=0203 +Key=82828282828282828282828282828282 +UseForEncoding=yes + +[MACsecReceiveChannel] +Port=2 +MACAddress=8c:16:45:6c:83:a9 + +[MACsecReceiveAssociation] +Port=2 +MACAddress=8c:16:45:6c:83:a9 +PacketNumber=16 +KeyId=020304 +Key=83838383838383838383838383838383 + +[MACsecReceiveAssociation] +Port=256 +MACAddress=c6:19:52:8f:e6:a0 +PacketNumber=32 +KeyId=02030405 +Key=84848484848484848484848484848484 +Activate=yes + +[MACsecReceiveAssociation] +Port=256 +MACAddress=c6:19:52:8f:e6:a0 +PacketNumber=128 +KeyId=0203040506 +KeyFile=/run/systemd/network/25-macsec.key +Activate=yes + +[MACsecReceiveAssociation] +Port=256 +MACAddress=c6:19:52:8f:e6:a0 +KeyId=020304050607 +Key=86868686868686868686868686868686 +Activate=no + +[MACsecReceiveAssociation] +Port=256 +MACAddress=c6:19:52:8f:e6:a0 +KeyId=02030405060708 +Key=87878787878787878787878787878787 +Activate=no + +[MACsecReceiveAssociation] +# This section should be dropped. +Port=256 +MACAddress=c6:19:52:8f:e6:a0 +KeyId=0203040506070809 +Key=88888888888888888888888888888888 +Activate=no diff --git a/test/test-network/conf/25-macsec.network b/test/test-network/conf/25-macsec.network new file mode 100644 index 0000000000..7037048a45 --- /dev/null +++ b/test/test-network/conf/25-macsec.network @@ -0,0 +1,6 @@ +[Match] +Name=macsec99 + +[Network] +IPv6AcceptRA=no +Address=10.1.2.3/16 diff --git a/test/test-network/conf/macsec.network b/test/test-network/conf/macsec.network new file mode 100644 index 0000000000..d1360a59eb --- /dev/null +++ b/test/test-network/conf/macsec.network @@ -0,0 +1,9 @@ +[Match] +Name=dummy98 + +[Link] +MACAddress=00:50:56:c0:00:19 + +[Network] +IPv6AcceptRA=no +MACsec=macsec99 diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index b44cfe8d45..d9db9c1657 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -290,6 +290,9 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities): '25-ipip-tunnel.netdev', '25-ipvlan.netdev', '25-isatap-tunnel.netdev', + '25-macsec.key', + '25-macsec.netdev', + '25-macsec.network', '25-sit-tunnel-local-any.netdev', '25-sit-tunnel-remote-any.netdev', '25-sit-tunnel.netdev', @@ -322,6 +325,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities): 'ipip.network', 'ipvlan.network', 'isatap.network', + 'macsec.network', 'macvlan.network', 'macvtap.network', 'sit.network', @@ -875,6 +879,35 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities): self.assertRegex(output, 'remcsumrx') self.assertRegex(output, 'gbp') + def test_macsec(self): + self.copy_unit_to_networkd_unit_path('25-macsec.netdev', '25-macsec.network', '25-macsec.key', + 'macsec.network', '12-dummy.netdev') + self.start_networkd(0) + + self.wait_online(['dummy98:degraded', 'macsec99:routable']) + + output = subprocess.check_output(['ip', '-d', 'link', 'show', 'macsec99']).rstrip().decode('utf-8') + print(output) + self.assertRegex(output, 'macsec99@dummy98') + self.assertRegex(output, 'macsec sci [0-9a-f]*000b') + self.assertRegex(output, 'encrypt on') + + output = subprocess.check_output(['ip', 'macsec', 'show', 'macsec99']).rstrip().decode('utf-8') + print(output) + self.assertRegex(output, 'encrypt on') + self.assertRegex(output, 'TXSC: [0-9a-f]*000b on SA 1') + self.assertRegex(output, '0: PN [0-9]*, state on, key 01000000000000000000000000000000') + self.assertRegex(output, '1: PN [0-9]*, state on, key 02030000000000000000000000000000') + self.assertRegex(output, 'RXSC: c619528fe6a00100, state on') + self.assertRegex(output, '0: PN [0-9]*, state on, key 02030405000000000000000000000000') + self.assertRegex(output, '1: PN [0-9]*, state on, key 02030405060000000000000000000000') + self.assertRegex(output, '2: PN [0-9]*, state off, key 02030405060700000000000000000000') + self.assertRegex(output, '3: PN [0-9]*, state off, key 02030405060708000000000000000000') + self.assertNotRegex(output, 'key 02030405067080900000000000000000') + self.assertRegex(output, 'RXSC: 8c16456c83a90002, state on') + self.assertRegex(output, '0: PN [0-9]*, state off, key 02030400000000000000000000000000') + + class NetworkdL2TPTests(unittest.TestCase, Utilities): links =[