Hide Forgot
As we are considering adding support for macsec to RHEL7.3 kernel, the related iproute support patches should be backported, too. This ticket actually depends on two conditions to be met: 1. Bug 1104151 (Support for MACsec (IEEE 802.1AE) in RHEL7) needs to be resolved for RHEL7.3. 2. MACsec support patches for iproute2 need to be accepted upstream.
Patches have been accepted upstream: commit 89ae502056f58a0177b9970f1f79a9683ac7fdd0 Author: Sabrina Dubroca <sd> Date: Fri Jun 3 16:45:45 2016 +0200 utils: make hexstring_a2n provide the number of hex digits parsed Signed-off-by: Sabrina Dubroca <sd> Acked-by: Phil Sutter <phil> commit 9f7401fa4967178a071c53498f6bdc460c7cc4ea Author: Sabrina Dubroca <sd> Date: Fri Jun 3 16:45:46 2016 +0200 utils: add get_be{16, 32, 64}, use them where possible Signed-off-by: Sabrina Dubroca <sd> Acked-by: Phil Sutter <phil> commit 609640f5f0feda8099b04452297d81dd1a8a1777 Author: Sabrina Dubroca <sd> Date: Fri Jun 3 16:45:47 2016 +0200 utils: provide get_hex to read a hex digit from a char Signed-off-by: Sabrina Dubroca <sd> Acked-by: Phil Sutter <phil> commit b26fc590ce6272835da35c016f6a99f5f43d6a88 Author: Sabrina Dubroca <sd> Date: Wed Jun 8 09:34:21 2016 -0700 ip: add MACsec support Extend ip-link to create MACsec devices ip link add link <master> <macsec> type macsec [options] Add `ip macsec` command to configure receive-side secure channels and secure associations within a macsec netdevice. Signed-off-by: Sabrina Dubroca <sd> Acked-by: Phil Sutter <phil>
Can you provide any details on the upstream project working on this? Is this work just for the supplicant, or is it also supporting the encryption function? Would the server/workstation still need hardware support on the network adaptor? Thanks for any details you can provide.
(In reply to Wilbur Smith from comment #8) > Can you provide any details on the upstream project working on this? > > Is this work just for the supplicant, or is it also supporting the > encryption function? > > Would the server/workstation still need hardware support on the network > adaptor? > > Thanks for any details you can provide. Found additional details here: http://www.spinics.net/lists/netdev/msg362389.html http://www.netdevconf.org/1.1/proceedings/slides/dubroca-macsec-encryption-wire-lan.pdf
This bug is verified: job link: https://beaker.engineering.redhat.com/jobs/1487516 tested on version 3.10.0-500.el7.x86_64: ip macsec command check MTU check promiscuous mode Setup masec between 2 netns, do ping/netperf test Setup masec between netns with br0, do ping/DHCP/RA test
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2162.html