Patchwork [PATCHv2,10b/21] VLAN: Use new data type for VLAN description.

login
register
mail settings
Submitter michael-dev@fami-braun.de
Date May 17, 2013, 9:44 a.m.
Message ID <b90ff9623644aa263ff05ef827ca7eeea27c31de2.1370512966.git.michael-dev@fami-braun.de>
Download mbox | patch
Permalink /patch/249389/
State Superseded
Headers show

Comments

michael-dev@fami-braun.de - May 17, 2013, 9:44 a.m.
This hides away the details of the currently in-use VLAN model
and is preparing for adding tagged VLAN support later on.
Implementing this as inline functions lets the compiler create
as fast code as before the change.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>

 create mode 100644 src/common/vlan.h

Patch

diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 833f1b2..25619c7 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -246,6 +246,8 @@  void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
 	os_free(sta->sae);
 #endif /* CONFIG_SAE */
 
+	vlan_free(&sta->vlan_id);
+
 	os_free(sta);
 }
 
@@ -661,7 +663,7 @@  int ap_sta_wps_cancel(struct hostapd_data *hapd,
 
 
 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
-		     int old_vlanid)
+		     vlan_t old_vlanid)
 {
 #ifndef CONFIG_NO_VLAN
 	const char *iface;
@@ -672,14 +674,14 @@  int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
 	 * Do not proceed furthur if the vlan id remains same. We do not want
 	 * duplicate dynamic vlan entries.
 	 */
-	if (sta->vlan_id == old_vlanid)
+	if (vlan_cmp(&sta->vlan_id, &old_vlanid))
 		return 0;
 
 	/*
 	 * During 1x reauth, if the vlan id changes, then remove the old id and
 	 * proceed furthur to add the new one.
 	 */
-	if (old_vlanid > 0)
+	if (vlan_notempty(&old_vlanid) && vlan_untagged(&old_vlanid) >= 0)
 		vlan_remove_dynamic(hapd, old_vlanid);
 
 	iface = hapd->conf->iface;
@@ -687,12 +689,13 @@  int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
 		iface = sta->ssid->vlan;
 
 	if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
-		sta->vlan_id = 0;
-	else if (sta->vlan_id > 0) {
+		vlan_free(&sta->vlan_id);
+	else if (vlan_notempty(&sta->vlan_id) &&
+	         vlan_untagged(&sta->vlan_id) >= 0) {
 		vlan = hapd->conf->vlan;
 		while (vlan) {
-			if (vlan->vlan_id == sta->vlan_id ||
-			    vlan->vlan_id == VLAN_ID_WILDCARD) {
+			if (vlan_cmp(&vlan->vlan_id, &sta->vlan_id) ||
+			    vlan_untagged(&vlan->vlan_id) == VLAN_ID_WILDCARD) {
 				iface = vlan->ifname;
 				break;
 			}
@@ -700,20 +703,23 @@  int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
 		}
 	}
 
-	if (sta->vlan_id > 0 && vlan == NULL) {
+	if (vlan_notempty(&sta->vlan_id) &&
+	    vlan_untagged(&sta->vlan_id) >= 0 && vlan == NULL) {
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 			       HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
 			       "binding station to (vlan_id=%d)",
-			       sta->vlan_id);
+			       vlan_untagged(&sta->vlan_id));
 		return -1;
-	} else if (sta->vlan_id > 0 && vlan->vlan_id == VLAN_ID_WILDCARD) {
+	} else if (vlan_notempty(&sta->vlan_id) &&
+	           vlan_untagged(&sta->vlan_id) >= 0 &&
+		   vlan_untagged(&vlan->vlan_id) == VLAN_ID_WILDCARD) {
 		vlan = vlan_add_dynamic(hapd, vlan, sta->vlan_id);
 		if (vlan == NULL) {
 			hostapd_logger(hapd, sta->addr,
 				       HOSTAPD_MODULE_IEEE80211,
 				       HOSTAPD_LEVEL_DEBUG, "could not add "
 				       "dynamic VLAN interface for vlan_id=%d",
-				       sta->vlan_id);
+				       vlan_untagged(&sta->vlan_id));
 			return -1;
 		}
 
@@ -724,14 +730,15 @@  int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
 				       HOSTAPD_LEVEL_DEBUG, "could not "
 				       "configure encryption for dynamic VLAN "
 				       "interface for vlan_id=%d",
-				       sta->vlan_id);
+				       vlan_untagged(&sta->vlan_id));
 		}
 
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 			       HOSTAPD_LEVEL_DEBUG, "added new dynamic VLAN "
 			       "interface '%s'", iface);
-	} else if (vlan && vlan->vlan_id == sta->vlan_id) {
-		if (sta->vlan_id > 0) {
+	} else if (vlan && vlan_cmp(&vlan->vlan_id, &sta->vlan_id)) {
+		if (vlan_notempty(&sta->vlan_id) &&
+		    vlan_untagged(&sta->vlan_id) >= 0) {
 			vlan->dynamic_vlan++;
 			hostapd_logger(hapd, sta->addr,
 				       HOSTAPD_MODULE_IEEE80211,
@@ -751,7 +758,7 @@  int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
 				       HOSTAPD_LEVEL_DEBUG, "could not "
 				       "configure encryption for VLAN "
 				       "interface for vlan_id=%d",
-				       sta->vlan_id);
+				       vlan_untagged(&sta->vlan_id));
 		}
 	}
 
@@ -766,7 +773,8 @@  int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
 	if (ret < 0) {
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 			       HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
-			       "entry to vlan_id=%d", sta->vlan_id);
+			       "entry to vlan_id=%d",
+			       vlan_untagged(&sta->vlan_id));
 	}
 	return ret;
 #else /* CONFIG_NO_VLAN */
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index f8f5a83..c2d1525 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -9,6 +9,8 @@ 
 #ifndef STA_INFO_H
 #define STA_INFO_H
 
+#include "common/vlan.h"
+
 /* STA flags */
 #define WLAN_STA_AUTH BIT(0)
 #define WLAN_STA_ASSOC BIT(1)
@@ -95,7 +97,7 @@  struct sta_info {
 	struct hostapd_ssid *ssid; /* SSID selection based on (Re)AssocReq */
 	struct hostapd_ssid *ssid_probe; /* SSID selection based on ProbeReq */
 
-	int vlan_id;
+	vlan_t vlan_id;
 	 /* PSKs from RADIUS authentication server */
 	struct hostapd_sta_wpa_psk_short *psk;
 
@@ -174,7 +176,7 @@  int ap_sta_wps_cancel(struct hostapd_data *hapd,
 		      struct sta_info *sta, void *ctx);
 #endif /* CONFIG_WPS */
 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
-		     int old_vlanid);
+		     vlan_t old_vlanid);
 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta);
 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta);
 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta);
diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c
index 5da148a..8fe061e 100644
--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
@@ -611,14 +611,15 @@  static void vlan_newlink(char *ifname, struct hostapd_data *hapd)
 			if (hapd->conf->vlan_bridge[0]) {
 				os_snprintf(br_name, sizeof(br_name), "%s%d",
 					    hapd->conf->vlan_bridge,
-					    vlan->vlan_id);
+					    vlan_untagged(&vlan->vlan_id));
 			} else if (tagged_interface) {
 				os_snprintf(br_name, sizeof(br_name),
 				            "br%s.%d", tagged_interface,
-					    vlan->vlan_id);
+					    vlan_untagged(&vlan->vlan_id));
 			} else {
 				os_snprintf(br_name, sizeof(br_name),
-				            "brvlan%d", vlan->vlan_id);
+				            "brvlan%d",
+					    vlan_untagged(&vlan->vlan_id));
 			}
 
 			ret = br_addbr(br_name);
@@ -634,15 +635,19 @@  static void vlan_newlink(char *ifname, struct hostapd_data *hapd)
 					os_snprintf(vlan_ifname,
 						    sizeof(vlan_ifname),
 						    "%s.%d", tagged_interface,
-						    vlan->vlan_id);
+						    vlan_untagged(
+						      &vlan->vlan_id));
 				else
 					os_snprintf(vlan_ifname,
 						    sizeof(vlan_ifname),
-						    "vlan%d", vlan->vlan_id);
+						    "vlan%d",
+						    vlan_untagged(
+						      &vlan->vlan_id));
 
 				ifconfig_up(tagged_interface);
-				ret = vlan_add(tagged_interface, vlan->vlan_id,
-					      vlan_ifname);
+				ret = vlan_add(tagged_interface,
+				               vlan_untagged(&vlan->vlan_id),
+					       vlan_ifname);
 				if (hapd_get_dynamic_iface(NULL, vlan_ifname,
 				                           (ret == 0), hapd))
 					vlan->clean |= DVLAN_CLEAN_VLAN;
@@ -687,14 +692,15 @@  static void vlan_dellink(char *ifname, struct hostapd_data *hapd)
 			if (hapd->conf->vlan_bridge[0]) {
 				os_snprintf(br_name, sizeof(br_name), "%s%d",
 					    hapd->conf->vlan_bridge,
-					    vlan->vlan_id);
+					    vlan_untagged(&vlan->vlan_id));
 			} else if (tagged_interface) {
-				os_snprintf(br_name, sizeof(br_name),
-				            "br%s.%d", tagged_interface,
-					    vlan->vlan_id);
+				os_snprintf(br_name, sizeof(br_name), "br%s.%d",
+					    tagged_interface,
+					    vlan_untagged(&vlan->vlan_id));
 			} else {
 				os_snprintf(br_name, sizeof(br_name),
-				            "brvlan%d", vlan->vlan_id);
+				            "brvlan%d",
+					    vlan_untagged(&vlan->vlan_id));
 			}
 
 			if ((vlan->clean & DVLAN_CLEAN_WLAN_PORT) &&
@@ -708,11 +714,14 @@  static void vlan_dellink(char *ifname, struct hostapd_data *hapd)
 					os_snprintf(vlan_ifname,
 						    sizeof(vlan_ifname),
 						    "%s.%d", tagged_interface,
-						    vlan->vlan_id);
+						    vlan_untagged(
+						      &vlan->vlan_id));
 				else
 					os_snprintf(vlan_ifname,
 						    sizeof(vlan_ifname),
-						    "vlan%d", vlan->vlan_id);
+						    "vlan%d",
+						    vlan_untagged(
+						      &vlan->vlan_id));
 				if ((vlan->clean & DVLAN_CLEAN_VLAN_PORT) &&
 				    hapd_put_dynamic_iface(br_name,
 				                            vlan_ifname, hapd))
@@ -737,6 +746,8 @@  static void vlan_dellink(char *ifname, struct hostapd_data *hapd)
 			} else {
 				prev->next = vlan->next;
 			}
+
+			vlan_free(&vlan->vlan_id);
 			os_free(vlan);
 
 			break;
@@ -936,7 +947,7 @@  static int vlan_dynamic_add(struct hostapd_data *hapd,
 			    struct hostapd_vlan *vlan)
 {
 	while (vlan) {
-		if (vlan->vlan_id != VLAN_ID_WILDCARD) {
+		if (vlan_untagged(&vlan->vlan_id) != VLAN_ID_WILDCARD) {
 			if (hostapd_vlan_if_add(hapd, vlan->ifname)) {
 				if (errno != EEXIST) {
 					wpa_printf(MSG_ERROR, "VLAN: Could "
@@ -966,7 +977,7 @@  static void vlan_dynamic_remove(struct hostapd_data *hapd,
 	while (vlan) {
 		next = vlan->next;
 
-		if (vlan->vlan_id != VLAN_ID_WILDCARD &&
+		if (vlan_untagged(&vlan->vlan_id) != VLAN_ID_WILDCARD &&
 		    hostapd_vlan_if_remove(hapd, vlan->ifname)) {
 			wpa_printf(MSG_ERROR, "VLAN: Could not remove VLAN "
 				   "iface: %s: %s",
@@ -999,7 +1010,7 @@  int vlan_init(struct hostapd_data *hapd)
 			return -1;
 		}
 
-		vlan->vlan_id = VLAN_ID_WILDCARD;
+		vlan_alloc(&vlan->vlan_id, VLAN_ID_WILDCARD);
 		os_snprintf(vlan->ifname, sizeof(vlan->ifname), "%s.#",
 			    hapd->conf->iface);
 		vlan->next = hapd->conf->vlan;
@@ -1025,17 +1036,18 @@  void vlan_deinit(struct hostapd_data *hapd)
 
 struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
 				       struct hostapd_vlan *vlan,
-				       int vlan_id)
+				       vlan_t vlan_id)
 {
 	struct hostapd_vlan *n;
 	char *ifname, *pos;
 
-	if (vlan == NULL || vlan_id <= 0 || vlan_id > MAX_VLAN_ID ||
-	    vlan->vlan_id != VLAN_ID_WILDCARD)
+	if (vlan == NULL || vlan_untagged(&vlan_id) <= 0 ||
+	    vlan_untagged(&vlan_id) > MAX_VLAN_ID ||
+	    vlan_untagged(&vlan->vlan_id) != VLAN_ID_WILDCARD)
 		return NULL;
 
 	wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d ifname=%s)",
-		   __func__, vlan_id, vlan->ifname);
+		   __func__, vlan_untagged(&vlan_id), vlan->ifname);
 	ifname = os_strdup(vlan->ifname);
 	if (ifname == NULL)
 		return NULL;
@@ -1052,11 +1064,11 @@  struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
 		return NULL;
 	}
 
-	n->vlan_id = vlan_id;
+	vlan_alloc_copy(&n->vlan_id, &vlan_id);
 	n->dynamic_vlan = 1;
 
-	os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
-		    pos);
+	os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname,
+	            vlan_untagged(&vlan_id), pos);
 	os_free(ifname);
 
 	if (hostapd_vlan_if_add(hapd, n->ifname)) {
@@ -1075,18 +1087,21 @@  struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
 }
 
 
-int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id)
+int vlan_remove_dynamic(struct hostapd_data *hapd, vlan_t vlan_id)
 {
 	struct hostapd_vlan *vlan;
 
-	if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID)
+	if (vlan_untagged(&vlan_id) <= 0 ||
+	    vlan_untagged(&vlan_id) > MAX_VLAN_ID)
 		return 1;
 
-	wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d)", __func__, vlan_id);
+	wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d)", __func__,
+	           vlan_untagged(&vlan_id));
 
 	vlan = hapd->conf->vlan;
 	while (vlan) {
-		if (vlan->vlan_id == vlan_id && vlan->dynamic_vlan > 0) {
+		if (vlan_cmp(&vlan->vlan_id, &vlan_id) &&
+		    vlan->dynamic_vlan > 0) {
 			vlan->dynamic_vlan--;
 			break;
 		}
diff --git a/src/ap/vlan_init.h b/src/ap/vlan_init.h
index 382d5de..6d4c65f 100644
--- a/src/ap/vlan_init.h
+++ b/src/ap/vlan_init.h
@@ -21,8 +21,8 @@  int vlan_init(struct hostapd_data *hapd);
 void vlan_deinit(struct hostapd_data *hapd);
 struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
 				       struct hostapd_vlan *vlan,
-				       int vlan_id);
-int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id);
+				       vlan_t vlan_id);
+int vlan_remove_dynamic(struct hostapd_data *hapd, vlan_t vlan_id);
 int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
 			      struct hostapd_ssid *mssid,
 			      const char *dyn_vlan);
@@ -38,12 +38,12 @@  static inline void vlan_deinit(struct hostapd_data *hapd)
 
 static inline struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
 						     struct hostapd_vlan *vlan,
-						     int vlan_id)
+						     vlan_t vlan_id)
 {
 	return NULL;
 }
 
-static inline int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id)
+static inline int vlan_remove_dynamic(struct hostapd_data *hapd, vlan_t vlan_id)
 {
 	return -1;
 }
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index f08ded8..e54f947 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -100,7 +100,7 @@  static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
 
 
 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
-				   int vlan_id,
+				   vlan_t vlan_id,
 				   enum wpa_alg alg, const u8 *addr, int idx,
 				   u8 *key, size_t key_len)
 {
@@ -214,7 +214,8 @@  static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
 static void wpa_group_free(struct wpa_group *group)
 {
 	wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
-		   group->vlan_id);
+	                       vlan_untagged(&group->vlan_id));
+	vlan_free(&group->vlan_id);
 	os_free(group);
 }
 
@@ -331,7 +332,7 @@  static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
 
 
 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
-					 int vlan_id, int delay_init)
+					 vlan_t vlan_id, int delay_init)
 {
 	struct wpa_group *group;
 
@@ -340,7 +341,7 @@  static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
 		return NULL;
 
 	group->GTKAuthenticator = TRUE;
-	group->vlan_id = vlan_id;
+	vlan_alloc_copy(&group->vlan_id, &vlan_id);
 	group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
 
 	if (random_pool_ready() != 1) {
@@ -403,7 +404,8 @@  struct wpa_authenticator * wpa_init(const u8 *addr,
 		return NULL;
 	}
 
-	wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
+	vlan_t vlan_id = VLAN_NULL;
+	wpa_auth->group = wpa_group_init(wpa_auth, vlan_id, 1);
 	if (wpa_auth->group == NULL) {
 		os_free(wpa_auth->wpa_ie);
 		os_free(wpa_auth);
@@ -1448,7 +1450,8 @@  void wpa_remove_ptk(struct wpa_state_machine *sm)
 {
 	sm->PTK_valid = FALSE;
 	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
-	wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
+	wpa_auth_set_key(sm->wpa_auth, VLAN_NULL, WPA_ALG_NONE, sm->addr, 0,
+	                 NULL, 0);
 	sm->pairwise_set = FALSE;
 	eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
 }
@@ -2079,7 +2082,7 @@  SM_STATE(WPA_PTK, PTKINITDONE)
 	if (sm->Pair) {
 		enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
 		int klen = wpa_cipher_key_len(sm->pairwise);
-		if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
+		if (wpa_auth_set_key(sm->wpa_auth, VLAN_NULL, alg, sm->addr, 0,
 				     sm->PTK.tk1, klen)) {
 			wpa_sta_disconnect(sm->wpa_auth, sm->addr);
 			return;
@@ -2407,7 +2410,7 @@  static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
 			       struct wpa_group *group)
 {
 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
-		   "GTK_INIT (VLAN-ID %d)", group->vlan_id);
+		   "GTK_INIT (VLAN-ID %d)", vlan_untagged(&group->vlan_id));
 	group->changed = FALSE; /* GInit is not cleared here; avoid loop */
 	group->wpa_group_state = WPA_GROUP_GTK_INIT;
 
@@ -2544,7 +2547,7 @@  static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
 	int tmp;
 
 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
-		   "SETKEYS (VLAN-ID %d)", group->vlan_id);
+		   "SETKEYS (VLAN-ID %d)", vlan_untagged(&group->vlan_id));
 	group->changed = TRUE;
 	group->wpa_group_state = WPA_GROUP_SETKEYS;
 	group->GTKReKey = FALSE;
@@ -2601,7 +2604,7 @@  static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
 				 struct wpa_group *group)
 {
 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
-		   "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
+		   "SETKEYSDONE (VLAN-ID %d)", vlan_untagged(&group->vlan_id));
 	group->changed = TRUE;
 	group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
 
@@ -2982,7 +2985,7 @@  void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
 
 
 static struct wpa_group *
-wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
+wpa_auth_add_group(struct wpa_authenticator *wpa_auth, vlan_t vlan_id)
 {
 	struct wpa_group *group;
 
@@ -2990,7 +2993,7 @@  wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
 		return NULL;
 
 	wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
-		   vlan_id);
+		   vlan_untagged(&vlan_id));
 	group = wpa_group_init(wpa_auth, vlan_id, 0);
 	if (group == NULL)
 		return NULL;
@@ -3002,7 +3005,7 @@  wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
 }
 
 
-int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
+int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, vlan_t vlan_id)
 {
 	struct wpa_group *group;
 
@@ -3011,7 +3014,7 @@  int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
 
 	group = sm->wpa_auth->group;
 	while (group) {
-		if (group->vlan_id == vlan_id)
+		if (vlan_cmp(&group->vlan_id, &vlan_id))
 			break;
 		group = group->next;
 	}
@@ -3026,7 +3029,8 @@  int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
 		return 0;
 
 	wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
-		   "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
+		   "machine for VLAN ID %d", MAC2STR(sm->addr),
+		   vlan_untagged(&vlan_id));
 
 	sm->group->references--;
 	sm->group = group;
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index ebfe86f..f4c17a0 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -10,6 +10,7 @@ 
 #define WPA_AUTH_H
 
 #include "common/defs.h"
+#include "common/vlan.h"
 #include "common/eapol_common.h"
 #include "common/wpa_common.h"
 
@@ -186,7 +187,7 @@  struct wpa_auth_callbacks {
 	int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
 	const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *prev_psk);
 	int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
-	int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
+	int (*set_key)(void *ctx, vlan_t vlan_id, enum wpa_alg alg,
 		       const u8 *addr, int idx, u8 *key, size_t key_len);
 	int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
 	int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
@@ -265,7 +266,7 @@  int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
 			       struct eapol_state_machine *eapol);
 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
 			   const u8 *sta_addr);
-int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
+int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, vlan_t vlan_id);
 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
 				  struct wpa_state_machine *sm, int ack);
 
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 1bb5d97..5f944cc 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -737,7 +737,7 @@  u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
 
 
 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
-				   int vlan_id,
+				   vlan_t vlan_id,
 				   enum wpa_alg alg, const u8 *addr, int idx,
 				   u8 *key, size_t key_len)
 {
@@ -768,7 +768,7 @@  void wpa_ft_install_ptk(struct wpa_state_machine *sm)
 	 * again after association to get the PTK configured, but that could be
 	 * optimized by adding the STA entry earlier.
 	 */
-	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
+	if (wpa_auth_set_key(sm->wpa_auth, VLAN_NULL, alg, sm->addr, 0,
 			     sm->PTK.tk1, klen))
 		return;
 
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index e2be1ea..c769644 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -245,14 +245,14 @@  static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
 }
 
 
-static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
+static int hostapd_wpa_auth_set_key(void *ctx, vlan_t vlan_id, enum wpa_alg alg,
 				    const u8 *addr, int idx, u8 *key,
 				    size_t key_len)
 {
 	struct hostapd_data *hapd = ctx;
 	const char *ifname = hapd->conf->iface;
 
-	if (vlan_id > 0) {
+	if (vlan_notempty(&vlan_id) && vlan_untagged(&vlan_id) >= 0) {
 		ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
 		if (ifname == NULL)
 			return -1;
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 8fbd4ff..798d589 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -126,7 +126,7 @@  struct wpa_state_machine {
 /* per group key state machine data */
 struct wpa_group {
 	struct wpa_group *next;
-	int vlan_id;
+	vlan_t vlan_id;
 
 	Boolean GInit;
 	int GKeyDoneStations;
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index cdfcca1..b0aa98a 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -609,7 +609,7 @@  int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 				 "PMKID found from PMKSA cache "
 				 "eap_type=%d vlan_id=%d",
 				 sm->pmksa->eap_type_authsrv,
-				 sm->pmksa->vlan_id);
+				 vlan_untagged(&sm->pmksa->vlan_id));
 		os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
 	}