1e1ab601bSCosmin Ratiu#!/usr/bin/env python3 2e1ab601bSCosmin Ratiu# SPDX-License-Identifier: GPL-2.0 3e1ab601bSCosmin Ratiu 4e1ab601bSCosmin Ratiu"""MACsec tests.""" 5e1ab601bSCosmin Ratiu 6e1ab601bSCosmin Ratiuimport os 7e1ab601bSCosmin Ratiu 8e1ab601bSCosmin Ratiufrom lib.py import ksft_run, ksft_exit, ksft_eq, ksft_raises 9*26555673SCosmin Ratiufrom lib.py import ksft_variants, KsftNamedVariant 10e1ab601bSCosmin Ratiufrom lib.py import CmdExitFailure, KsftSkipEx 11e1ab601bSCosmin Ratiufrom lib.py import NetDrvEpEnv 12e1ab601bSCosmin Ratiufrom lib.py import cmd, ip, defer, ethtool 13e1ab601bSCosmin Ratiu 14*26555673SCosmin RatiuMACSEC_KEY = "12345678901234567890123456789012" 15*26555673SCosmin RatiuMACSEC_VLAN_VID = 10 16*26555673SCosmin Ratiu 17e1ab601bSCosmin Ratiu# Unique prefix per run to avoid collisions in the shared netns. 18e1ab601bSCosmin Ratiu# Keep it short: IFNAMSIZ is 16 (incl. NUL), and VLAN names append ".<vid>". 19e1ab601bSCosmin RatiuMACSEC_PFX = f"ms{os.getpid()}_" 20e1ab601bSCosmin Ratiu 21e1ab601bSCosmin Ratiu 22e1ab601bSCosmin Ratiudef _macsec_name(idx=0): 23e1ab601bSCosmin Ratiu return f"{MACSEC_PFX}{idx}" 24e1ab601bSCosmin Ratiu 25e1ab601bSCosmin Ratiu 26e1ab601bSCosmin Ratiudef _get_macsec_offload(dev): 27e1ab601bSCosmin Ratiu """Returns macsec offload mode string from ip -d link show.""" 28e1ab601bSCosmin Ratiu info = ip(f"-d link show dev {dev}", json=True)[0] 29e1ab601bSCosmin Ratiu return info.get("linkinfo", {}).get("info_data", {}).get("offload") 30e1ab601bSCosmin Ratiu 31e1ab601bSCosmin Ratiu 32e1ab601bSCosmin Ratiudef _get_features(dev): 33e1ab601bSCosmin Ratiu """Returns ethtool features dict for a device.""" 34e1ab601bSCosmin Ratiu return ethtool(f"-k {dev}", json=True)[0] 35e1ab601bSCosmin Ratiu 36e1ab601bSCosmin Ratiu 37e1ab601bSCosmin Ratiudef _require_ip_macsec(cfg): 38e1ab601bSCosmin Ratiu """SKIP if iproute2 on local or remote lacks 'ip macsec' support.""" 39e1ab601bSCosmin Ratiu for host in [None, cfg.remote]: 40e1ab601bSCosmin Ratiu out = cmd("ip macsec help", fail=False, host=host) 41e1ab601bSCosmin Ratiu if "Usage" not in out.stdout + out.stderr: 42e1ab601bSCosmin Ratiu where = "remote" if host else "local" 43e1ab601bSCosmin Ratiu raise KsftSkipEx(f"iproute2 too old on {where}," 44e1ab601bSCosmin Ratiu " missing macsec support") 45e1ab601bSCosmin Ratiu 46e1ab601bSCosmin Ratiu 47e1ab601bSCosmin Ratiudef _require_ip_macsec_offload(): 48e1ab601bSCosmin Ratiu """SKIP if local iproute2 doesn't understand 'ip macsec offload'.""" 49e1ab601bSCosmin Ratiu out = cmd("ip macsec help", fail=False) 50e1ab601bSCosmin Ratiu if "offload" not in out.stdout + out.stderr: 51e1ab601bSCosmin Ratiu raise KsftSkipEx("iproute2 too old, missing macsec offload") 52e1ab601bSCosmin Ratiu 53e1ab601bSCosmin Ratiu 54e1ab601bSCosmin Ratiudef _require_macsec_offload(cfg): 55e1ab601bSCosmin Ratiu """SKIP if local device doesn't support macsec-hw-offload.""" 56e1ab601bSCosmin Ratiu _require_ip_macsec_offload() 57e1ab601bSCosmin Ratiu try: 58e1ab601bSCosmin Ratiu feat = ethtool(f"-k {cfg.ifname}", json=True)[0] 59e1ab601bSCosmin Ratiu except (CmdExitFailure, IndexError) as e: 60e1ab601bSCosmin Ratiu raise KsftSkipEx( 61e1ab601bSCosmin Ratiu f"can't query features: {e}") from e 62e1ab601bSCosmin Ratiu if not feat.get("macsec-hw-offload", {}).get("active"): 63e1ab601bSCosmin Ratiu raise KsftSkipEx("macsec-hw-offload not supported") 64e1ab601bSCosmin Ratiu 65e1ab601bSCosmin Ratiu 66*26555673SCosmin Ratiudef _get_mac(ifname, host=None): 67*26555673SCosmin Ratiu """Gets MAC address of an interface.""" 68*26555673SCosmin Ratiu dev = ip(f"link show dev {ifname}", json=True, host=host) 69*26555673SCosmin Ratiu return dev[0]["address"] 70*26555673SCosmin Ratiu 71*26555673SCosmin Ratiu 72*26555673SCosmin Ratiudef _setup_macsec_sa(cfg, name): 73*26555673SCosmin Ratiu """Adds matching TX/RX SAs on both ends.""" 74*26555673SCosmin Ratiu local_mac = _get_mac(name) 75*26555673SCosmin Ratiu remote_mac = _get_mac(name, host=cfg.remote) 76*26555673SCosmin Ratiu 77*26555673SCosmin Ratiu ip(f"macsec add {name} tx sa 0 pn 1 on key 01 {MACSEC_KEY}") 78*26555673SCosmin Ratiu ip(f"macsec add {name} rx port 1 address {remote_mac}") 79*26555673SCosmin Ratiu ip(f"macsec add {name} rx port 1 address {remote_mac} " 80*26555673SCosmin Ratiu f"sa 0 pn 1 on key 02 {MACSEC_KEY}") 81*26555673SCosmin Ratiu 82*26555673SCosmin Ratiu ip(f"macsec add {name} tx sa 0 pn 1 on key 02 {MACSEC_KEY}", 83*26555673SCosmin Ratiu host=cfg.remote) 84*26555673SCosmin Ratiu ip(f"macsec add {name} rx port 1 address {local_mac}", host=cfg.remote) 85*26555673SCosmin Ratiu ip(f"macsec add {name} rx port 1 address {local_mac} " 86*26555673SCosmin Ratiu f"sa 0 pn 1 on key 01 {MACSEC_KEY}", host=cfg.remote) 87*26555673SCosmin Ratiu 88*26555673SCosmin Ratiu 89*26555673SCosmin Ratiudef _setup_macsec_devs(cfg, name, offload): 90*26555673SCosmin Ratiu """Creates macsec devices on both ends. 91*26555673SCosmin Ratiu 92*26555673SCosmin Ratiu Only the local device gets HW offload; the remote always uses software 93*26555673SCosmin Ratiu MACsec since it may not support offload at all. 94*26555673SCosmin Ratiu """ 95*26555673SCosmin Ratiu offload_arg = "mac" if offload else "off" 96*26555673SCosmin Ratiu 97*26555673SCosmin Ratiu ip(f"link add link {cfg.ifname} {name} " 98*26555673SCosmin Ratiu f"type macsec encrypt on offload {offload_arg}") 99*26555673SCosmin Ratiu defer(ip, f"link del {name}") 100*26555673SCosmin Ratiu ip(f"link add link {cfg.remote_ifname} {name} " 101*26555673SCosmin Ratiu f"type macsec encrypt on", host=cfg.remote) 102*26555673SCosmin Ratiu defer(ip, f"link del {name}", host=cfg.remote) 103*26555673SCosmin Ratiu 104*26555673SCosmin Ratiu 105*26555673SCosmin Ratiudef _set_offload(name, offload): 106*26555673SCosmin Ratiu """Sets offload on the local macsec device only.""" 107*26555673SCosmin Ratiu offload_arg = "mac" if offload else "off" 108*26555673SCosmin Ratiu 109*26555673SCosmin Ratiu ip(f"link set {name} type macsec encrypt on offload {offload_arg}") 110*26555673SCosmin Ratiu 111*26555673SCosmin Ratiu 112*26555673SCosmin Ratiudef _setup_vlans(cfg, name, vid): 113*26555673SCosmin Ratiu """Adds VLANs on top of existing macsec devs.""" 114*26555673SCosmin Ratiu vlan_name = f"{name}.{vid}" 115*26555673SCosmin Ratiu 116*26555673SCosmin Ratiu ip(f"link add link {name} {vlan_name} type vlan id {vid}") 117*26555673SCosmin Ratiu defer(ip, f"link del {vlan_name}") 118*26555673SCosmin Ratiu ip(f"link add link {name} {vlan_name} type vlan id {vid}", host=cfg.remote) 119*26555673SCosmin Ratiu defer(ip, f"link del {vlan_name}", host=cfg.remote) 120*26555673SCosmin Ratiu 121*26555673SCosmin Ratiu 122*26555673SCosmin Ratiudef _setup_vlan_ips(cfg, name, vid): 123*26555673SCosmin Ratiu """Adds VLANs and IPs and brings up the macsec + VLAN devices.""" 124*26555673SCosmin Ratiu local_ip = "198.51.100.1" 125*26555673SCosmin Ratiu remote_ip = "198.51.100.2" 126*26555673SCosmin Ratiu vlan_name = f"{name}.{vid}" 127*26555673SCosmin Ratiu 128*26555673SCosmin Ratiu ip(f"addr add {local_ip}/24 dev {vlan_name}") 129*26555673SCosmin Ratiu ip(f"addr add {remote_ip}/24 dev {vlan_name}", host=cfg.remote) 130*26555673SCosmin Ratiu ip(f"link set {name} up") 131*26555673SCosmin Ratiu ip(f"link set {name} up", host=cfg.remote) 132*26555673SCosmin Ratiu ip(f"link set {vlan_name} up") 133*26555673SCosmin Ratiu ip(f"link set {vlan_name} up", host=cfg.remote) 134*26555673SCosmin Ratiu 135*26555673SCosmin Ratiu return vlan_name, remote_ip 136*26555673SCosmin Ratiu 137*26555673SCosmin Ratiu 138e1ab601bSCosmin Ratiudef test_offload_api(cfg) -> None: 139e1ab601bSCosmin Ratiu """MACsec offload API: create SecY, add SA/rx, toggle offload.""" 140e1ab601bSCosmin Ratiu 141e1ab601bSCosmin Ratiu _require_macsec_offload(cfg) 142e1ab601bSCosmin Ratiu ms0 = _macsec_name(0) 143e1ab601bSCosmin Ratiu ms1 = _macsec_name(1) 144e1ab601bSCosmin Ratiu ms2 = _macsec_name(2) 145e1ab601bSCosmin Ratiu 146e1ab601bSCosmin Ratiu # Create 3 SecY with offload 147e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms0} type macsec " 148e1ab601bSCosmin Ratiu f"port 4 encrypt on offload mac") 149e1ab601bSCosmin Ratiu defer(ip, f"link del {ms0}") 150e1ab601bSCosmin Ratiu 151e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms1} type macsec " 152e1ab601bSCosmin Ratiu f"address aa:bb:cc:dd:ee:ff port 5 encrypt on offload mac") 153e1ab601bSCosmin Ratiu defer(ip, f"link del {ms1}") 154e1ab601bSCosmin Ratiu 155e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms2} type macsec " 156e1ab601bSCosmin Ratiu f"sci abbacdde01020304 encrypt on offload mac") 157e1ab601bSCosmin Ratiu defer(ip, f"link del {ms2}") 158e1ab601bSCosmin Ratiu 159e1ab601bSCosmin Ratiu # Add TX SA 160e1ab601bSCosmin Ratiu ip(f"macsec add {ms0} tx sa 0 pn 1024 on " 161e1ab601bSCosmin Ratiu "key 01 12345678901234567890123456789012") 162e1ab601bSCosmin Ratiu 163e1ab601bSCosmin Ratiu # Add RX SC + SA 164e1ab601bSCosmin Ratiu ip(f"macsec add {ms0} rx port 1234 address 1c:ed:de:ad:be:ef") 165e1ab601bSCosmin Ratiu ip(f"macsec add {ms0} rx port 1234 address 1c:ed:de:ad:be:ef " 166e1ab601bSCosmin Ratiu "sa 0 pn 1 on key 00 0123456789abcdef0123456789abcdef") 167e1ab601bSCosmin Ratiu 168e1ab601bSCosmin Ratiu # Can't disable offload when SAs are configured 169e1ab601bSCosmin Ratiu with ksft_raises(CmdExitFailure): 170e1ab601bSCosmin Ratiu ip(f"link set {ms0} type macsec offload off") 171e1ab601bSCosmin Ratiu with ksft_raises(CmdExitFailure): 172e1ab601bSCosmin Ratiu ip(f"macsec offload {ms0} off") 173e1ab601bSCosmin Ratiu 174e1ab601bSCosmin Ratiu # Toggle offload via rtnetlink on SA-free device 175e1ab601bSCosmin Ratiu ip(f"link set {ms2} type macsec offload off") 176e1ab601bSCosmin Ratiu ip(f"link set {ms2} type macsec encrypt on offload mac") 177e1ab601bSCosmin Ratiu 178e1ab601bSCosmin Ratiu # Toggle offload via genetlink 179e1ab601bSCosmin Ratiu ip(f"macsec offload {ms2} off") 180e1ab601bSCosmin Ratiu ip(f"macsec offload {ms2} mac") 181e1ab601bSCosmin Ratiu 182e1ab601bSCosmin Ratiu 183e1ab601bSCosmin Ratiudef test_max_secy(cfg) -> None: 184e1ab601bSCosmin Ratiu """nsim-only test for max number of SecYs.""" 185e1ab601bSCosmin Ratiu 186e1ab601bSCosmin Ratiu cfg.require_nsim() 187e1ab601bSCosmin Ratiu _require_ip_macsec_offload() 188e1ab601bSCosmin Ratiu ms0 = _macsec_name(0) 189e1ab601bSCosmin Ratiu ms1 = _macsec_name(1) 190e1ab601bSCosmin Ratiu ms2 = _macsec_name(2) 191e1ab601bSCosmin Ratiu ms3 = _macsec_name(3) 192e1ab601bSCosmin Ratiu 193e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms0} type macsec " 194e1ab601bSCosmin Ratiu f"port 4 encrypt on offload mac") 195e1ab601bSCosmin Ratiu defer(ip, f"link del {ms0}") 196e1ab601bSCosmin Ratiu 197e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms1} type macsec " 198e1ab601bSCosmin Ratiu f"address aa:bb:cc:dd:ee:ff port 5 encrypt on offload mac") 199e1ab601bSCosmin Ratiu defer(ip, f"link del {ms1}") 200e1ab601bSCosmin Ratiu 201e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms2} type macsec " 202e1ab601bSCosmin Ratiu f"sci abbacdde01020304 encrypt on offload mac") 203e1ab601bSCosmin Ratiu defer(ip, f"link del {ms2}") 204e1ab601bSCosmin Ratiu with ksft_raises(CmdExitFailure): 205e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms3} " 206e1ab601bSCosmin Ratiu f"type macsec port 8 encrypt on offload mac") 207e1ab601bSCosmin Ratiu 208e1ab601bSCosmin Ratiu 209e1ab601bSCosmin Ratiudef test_max_sc(cfg) -> None: 210e1ab601bSCosmin Ratiu """nsim-only test for max number of SCs.""" 211e1ab601bSCosmin Ratiu 212e1ab601bSCosmin Ratiu cfg.require_nsim() 213e1ab601bSCosmin Ratiu _require_ip_macsec_offload() 214e1ab601bSCosmin Ratiu ms0 = _macsec_name(0) 215e1ab601bSCosmin Ratiu 216e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms0} type macsec " 217e1ab601bSCosmin Ratiu f"port 4 encrypt on offload mac") 218e1ab601bSCosmin Ratiu defer(ip, f"link del {ms0}") 219e1ab601bSCosmin Ratiu ip(f"macsec add {ms0} rx port 1234 address 1c:ed:de:ad:be:ef") 220e1ab601bSCosmin Ratiu with ksft_raises(CmdExitFailure): 221e1ab601bSCosmin Ratiu ip(f"macsec add {ms0} rx port 1235 address 1c:ed:de:ad:be:ef") 222e1ab601bSCosmin Ratiu 223e1ab601bSCosmin Ratiu 224e1ab601bSCosmin Ratiudef test_offload_state(cfg) -> None: 225e1ab601bSCosmin Ratiu """Offload state reflects configuration changes.""" 226e1ab601bSCosmin Ratiu 227e1ab601bSCosmin Ratiu _require_macsec_offload(cfg) 228e1ab601bSCosmin Ratiu ms0 = _macsec_name(0) 229e1ab601bSCosmin Ratiu 230e1ab601bSCosmin Ratiu # Create with offload on 231e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms0} type macsec " 232e1ab601bSCosmin Ratiu f"encrypt on offload mac") 233e1ab601bSCosmin Ratiu cleanup = defer(ip, f"link del {ms0}") 234e1ab601bSCosmin Ratiu 235e1ab601bSCosmin Ratiu ksft_eq(_get_macsec_offload(ms0), "mac", 236e1ab601bSCosmin Ratiu "created with offload: should be mac") 237e1ab601bSCosmin Ratiu feats_on_1 = _get_features(ms0) 238e1ab601bSCosmin Ratiu 239e1ab601bSCosmin Ratiu ip(f"link set {ms0} type macsec offload off") 240e1ab601bSCosmin Ratiu ksft_eq(_get_macsec_offload(ms0), "off", 241e1ab601bSCosmin Ratiu "offload disabled: should be off") 242e1ab601bSCosmin Ratiu feats_off_1 = _get_features(ms0) 243e1ab601bSCosmin Ratiu 244e1ab601bSCosmin Ratiu ip(f"link set {ms0} type macsec encrypt on offload mac") 245e1ab601bSCosmin Ratiu ksft_eq(_get_macsec_offload(ms0), "mac", 246e1ab601bSCosmin Ratiu "offload re-enabled: should be mac") 247e1ab601bSCosmin Ratiu ksft_eq(_get_features(ms0), feats_on_1, 248e1ab601bSCosmin Ratiu "features should match first offload-on snapshot") 249e1ab601bSCosmin Ratiu 250e1ab601bSCosmin Ratiu # Delete and recreate without offload 251e1ab601bSCosmin Ratiu cleanup.exec() 252e1ab601bSCosmin Ratiu ip(f"link add link {cfg.ifname} {ms0} type macsec") 253e1ab601bSCosmin Ratiu defer(ip, f"link del {ms0}") 254e1ab601bSCosmin Ratiu ksft_eq(_get_macsec_offload(ms0), "off", 255e1ab601bSCosmin Ratiu "created without offload: should be off") 256e1ab601bSCosmin Ratiu ksft_eq(_get_features(ms0), feats_off_1, 257e1ab601bSCosmin Ratiu "features should match first offload-off snapshot") 258e1ab601bSCosmin Ratiu 259e1ab601bSCosmin Ratiu ip(f"link set {ms0} type macsec encrypt on offload mac") 260e1ab601bSCosmin Ratiu ksft_eq(_get_macsec_offload(ms0), "mac", 261e1ab601bSCosmin Ratiu "offload enabled after create: should be mac") 262e1ab601bSCosmin Ratiu ksft_eq(_get_features(ms0), feats_on_1, 263e1ab601bSCosmin Ratiu "features should match first offload-on snapshot") 264e1ab601bSCosmin Ratiu 265e1ab601bSCosmin Ratiu 266*26555673SCosmin Ratiudef _check_nsim_vid(cfg, vid, expected) -> None: 267*26555673SCosmin Ratiu """Checks if a VLAN is present. Only works on netdevsim.""" 268*26555673SCosmin Ratiu 269*26555673SCosmin Ratiu nsim = cfg.get_local_nsim_dev() 270*26555673SCosmin Ratiu if not nsim: 271*26555673SCosmin Ratiu return 272*26555673SCosmin Ratiu 273*26555673SCosmin Ratiu vlan_path = os.path.join(nsim.nsims[0].dfs_dir, "vlan") 274*26555673SCosmin Ratiu with open(vlan_path, encoding="utf-8") as f: 275*26555673SCosmin Ratiu vids = f.read() 276*26555673SCosmin Ratiu found = f"ctag {vid}\n" in vids 277*26555673SCosmin Ratiu ksft_eq(found, expected, 278*26555673SCosmin Ratiu f"VLAN {vid} {'expected' if expected else 'not expected'}" 279*26555673SCosmin Ratiu f" in debugfs") 280*26555673SCosmin Ratiu 281*26555673SCosmin Ratiu 282*26555673SCosmin Ratiu@ksft_variants([ 283*26555673SCosmin Ratiu KsftNamedVariant("offloaded", True), 284*26555673SCosmin Ratiu KsftNamedVariant("software", False), 285*26555673SCosmin Ratiu]) 286*26555673SCosmin Ratiudef test_vlan(cfg, offload) -> None: 287*26555673SCosmin Ratiu """Ping through VLAN-over-macsec.""" 288*26555673SCosmin Ratiu 289*26555673SCosmin Ratiu _require_ip_macsec(cfg) 290*26555673SCosmin Ratiu if offload: 291*26555673SCosmin Ratiu _require_macsec_offload(cfg) 292*26555673SCosmin Ratiu else: 293*26555673SCosmin Ratiu _require_ip_macsec_offload() 294*26555673SCosmin Ratiu name = _macsec_name() 295*26555673SCosmin Ratiu _setup_macsec_devs(cfg, name, offload=offload) 296*26555673SCosmin Ratiu _setup_macsec_sa(cfg, name) 297*26555673SCosmin Ratiu _setup_vlans(cfg, name, MACSEC_VLAN_VID) 298*26555673SCosmin Ratiu vlan_name, remote_ip = _setup_vlan_ips(cfg, name, MACSEC_VLAN_VID) 299*26555673SCosmin Ratiu _check_nsim_vid(cfg, MACSEC_VLAN_VID, offload) 300*26555673SCosmin Ratiu # nsim doesn't handle the data path for offloaded macsec, so skip 301*26555673SCosmin Ratiu # the ping when offloaded on nsim. 302*26555673SCosmin Ratiu if not offload or not cfg.get_local_nsim_dev(): 303*26555673SCosmin Ratiu cmd(f"ping -I {vlan_name} -c 1 -W 5 {remote_ip}") 304*26555673SCosmin Ratiu 305*26555673SCosmin Ratiu 306*26555673SCosmin Ratiu@ksft_variants([ 307*26555673SCosmin Ratiu KsftNamedVariant("on_to_off", True), 308*26555673SCosmin Ratiu KsftNamedVariant("off_to_on", False), 309*26555673SCosmin Ratiu]) 310*26555673SCosmin Ratiudef test_vlan_toggle(cfg, offload) -> None: 311*26555673SCosmin Ratiu """Toggle offload: VLAN filters propagate/remove correctly.""" 312*26555673SCosmin Ratiu 313*26555673SCosmin Ratiu _require_ip_macsec(cfg) 314*26555673SCosmin Ratiu _require_macsec_offload(cfg) 315*26555673SCosmin Ratiu name = _macsec_name() 316*26555673SCosmin Ratiu _setup_macsec_devs(cfg, name, offload=offload) 317*26555673SCosmin Ratiu _setup_vlans(cfg, name, MACSEC_VLAN_VID) 318*26555673SCosmin Ratiu _check_nsim_vid(cfg, MACSEC_VLAN_VID, offload) 319*26555673SCosmin Ratiu _set_offload(name, offload=not offload) 320*26555673SCosmin Ratiu _check_nsim_vid(cfg, MACSEC_VLAN_VID, not offload) 321*26555673SCosmin Ratiu vlan_name, remote_ip = _setup_vlan_ips(cfg, name, MACSEC_VLAN_VID) 322*26555673SCosmin Ratiu _setup_macsec_sa(cfg, name) 323*26555673SCosmin Ratiu # nsim doesn't handle the data path for offloaded macsec, so skip 324*26555673SCosmin Ratiu # the ping when the final state is offloaded on nsim. 325*26555673SCosmin Ratiu if offload or not cfg.get_local_nsim_dev(): 326*26555673SCosmin Ratiu cmd(f"ping -I {vlan_name} -c 1 -W 5 {remote_ip}") 327*26555673SCosmin Ratiu 328*26555673SCosmin Ratiu 329e1ab601bSCosmin Ratiudef main() -> None: 330e1ab601bSCosmin Ratiu """Main program.""" 331e1ab601bSCosmin Ratiu with NetDrvEpEnv(__file__) as cfg: 332e1ab601bSCosmin Ratiu ksft_run([test_offload_api, 333e1ab601bSCosmin Ratiu test_max_secy, 334e1ab601bSCosmin Ratiu test_max_sc, 335e1ab601bSCosmin Ratiu test_offload_state, 336*26555673SCosmin Ratiu test_vlan, 337*26555673SCosmin Ratiu test_vlan_toggle, 338e1ab601bSCosmin Ratiu ], args=(cfg,)) 339e1ab601bSCosmin Ratiu ksft_exit() 340e1ab601bSCosmin Ratiu 341e1ab601bSCosmin Ratiu 342e1ab601bSCosmin Ratiuif __name__ == "__main__": 343e1ab601bSCosmin Ratiu main() 344