Bug 1300765
| Summary: | Add support for MACsec | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Phil Sutter <psutter> |
| Component: | iproute | Assignee: | Davide Caratti <dcaratti> |
| Status: | CLOSED ERRATA | QA Contact: | haidong li <haili> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | CC: | aloughla, aokuliar, atragler, dcaratti, jhladky, kzhang, mleitner, osabart, rkhan, wilbur.k.smith |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | iproute-3.10.0-68.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-03 23:38:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1104151 | ||
| Bug Blocks: | |||
|
Description
Phil Sutter
2016-01-21 16:33:50 UTC
Patches have been accepted upstream:
commit 89ae502056f58a0177b9970f1f79a9683ac7fdd0
Author: Sabrina Dubroca <sd>
Date: Fri Jun 3 16:45:45 2016 +0200
utils: make hexstring_a2n provide the number of hex digits parsed
Signed-off-by: Sabrina Dubroca <sd>
Acked-by: Phil Sutter <phil>
commit 9f7401fa4967178a071c53498f6bdc460c7cc4ea
Author: Sabrina Dubroca <sd>
Date: Fri Jun 3 16:45:46 2016 +0200
utils: add get_be{16, 32, 64}, use them where possible
Signed-off-by: Sabrina Dubroca <sd>
Acked-by: Phil Sutter <phil>
commit 609640f5f0feda8099b04452297d81dd1a8a1777
Author: Sabrina Dubroca <sd>
Date: Fri Jun 3 16:45:47 2016 +0200
utils: provide get_hex to read a hex digit from a char
Signed-off-by: Sabrina Dubroca <sd>
Acked-by: Phil Sutter <phil>
commit b26fc590ce6272835da35c016f6a99f5f43d6a88
Author: Sabrina Dubroca <sd>
Date: Wed Jun 8 09:34:21 2016 -0700
ip: add MACsec support
Extend ip-link to create MACsec devices
ip link add link <master> <macsec> type macsec [options]
Add `ip macsec` command to configure receive-side secure channels and
secure associations within a macsec netdevice.
Signed-off-by: Sabrina Dubroca <sd>
Acked-by: Phil Sutter <phil>
Can you provide any details on the upstream project working on this? Is this work just for the supplicant, or is it also supporting the encryption function? Would the server/workstation still need hardware support on the network adaptor? Thanks for any details you can provide. (In reply to Wilbur Smith from comment #8) > Can you provide any details on the upstream project working on this? > > Is this work just for the supplicant, or is it also supporting the > encryption function? > > Would the server/workstation still need hardware support on the network > adaptor? > > Thanks for any details you can provide. Found additional details here: http://www.spinics.net/lists/netdev/msg362389.html http://www.netdevconf.org/1.1/proceedings/slides/dubroca-macsec-encryption-wire-lan.pdf This bug is verified: job link: https://beaker.engineering.redhat.com/jobs/1487516 tested on version 3.10.0-500.el7.x86_64: ip macsec command check MTU check promiscuous mode Setup masec between 2 netns, do ping/netperf test Setup masec between netns with br0, do ping/DHCP/RA test Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2162.html |