#!/bin/sh # Setup modprobe macsec ip netns add macsec_ns ip link add macsec_veth type veth peer name macsec_vethp ip link set macsec_vethp netns macsec_ns ip link set macsec_veth up ip netns exec macsec_ns ip link set macsec_vethp up echo 'eapol_version=3' > /tmp/wpa_supplicant.conf echo 'ap_scan=0' >> /tmp/wpa_supplicant.conf echo 'network={' >> /tmp/wpa_supplicant.conf echo ' key_mgmt=NONE' >> /tmp/wpa_supplicant.conf echo ' eapol_flags=0' >> /tmp/wpa_supplicant.conf echo ' macsec_policy=1' >> /tmp/wpa_supplicant.conf echo ' mka_cak=00112233445566778899001122334455' >> /tmp/wpa_supplicant.conf echo ' mka_ckn=5544332211009988776655443322110055443322110099887766554433221100' >> /tmp/wpa_supplicant.conf echo '}' >> /tmp/wpa_supplicant.conf ip netns exec macsec_ns wpa_supplicant -c /tmp/wpa_supplicant.conf \ -i macsec_vethp \ -B \ -D macsec_linux \ -P /tmp/wpa_supplicant_ms.pid sleep 6 ip netns exec macsec_ns ip link show macsec0 ip netns exec macsec_ns ip link set macsec0 up ip netns exec macsec_ns ip addr add 172.16.10.1/24 dev macsec0 ip netns exec macsec_ns dnsmasq --pid-file=/tmp/dnsmasq_ms.pid \ --dhcp-range=172.16.10.10,172.16.10.254,60m \ --interface=macsec0 \ --bind-interfaces # Test nmcli con add type ethernet con-name test-macsec-base ifname macsec_veth ipv4.method disabled ipv6.method ignore nmcli con add type macsec con-name test-macsec ifname macsec0 autoconnect no macsec.parent macsec_veth macsec.mode psk macsec.mka-cak 00112233445566778899001122334455 macsec.mka-ckn 5544332211009988776655443322110055443322110099887766554433221100 nmcli con up test-macsec-base nmcli con up test-macsec ping -c 2 172.16.10.1 # Clean up kill $(cat /tmp/wpa_supplicant_ms.pid) kill $(cat /tmp/dnsmasq_ms.pid) ip link del macsec_vethp ip netns delete macsec_ns nmcli connection delete test-macsec test-macsec-base modprobe -r macsec