From patchwork Thu May 12 15:28:11 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?G=C3=BCnther_Kelleter?= X-Patchwork-Id: 621648 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2001:1868:205::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3r5H2k12Vrz9t41 for ; Fri, 13 May 2016 01:29:02 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=devolo.de header.i=@devolo.de header.b=xfsNdiDE; dkim-atps=neutral Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1b0sXd-0001Ee-C0; Thu, 12 May 2016 15:28:45 +0000 Received: from smtp.devolo.com ([89.1.14.71]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1b0sXZ-000178-Eg for hostap@lists.infradead.org; Thu, 12 May 2016 15:28:43 +0000 Received: from localhost (localhost [127.0.0.1]) by smtp.devolo.com (Postfix) with ESMTP id E2274105952 for ; Thu, 12 May 2016 17:28:16 +0200 (CEST) X-Virus-Scanned: devolo AG Received: from smtp.devolo.com ([127.0.0.1]) by localhost (smtp.devolo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZVPtsVac0td3 for ; Thu, 12 May 2016 17:28:12 +0200 (CEST) Received: from mail.devolo.de (vesta.devolo.intern [10.1.1.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by smtp.devolo.com (Postfix) with ESMTPS id 5275E1002AB for ; Thu, 12 May 2016 17:28:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=devolo.de; s=default; t=1463066892; bh=mA0hLtjIfq6iKJwBlI509/ozo1noi84rWcZHt3bzU5c=; h=From:To:Subject:Date:References:In-Reply-To:From; b=xfsNdiDEI4bbAF5kSkyS1ncT1otSEqzqbyWVNzrgM8SVmL1kGwrJDHGwvazaIA7BE HTvr4g9ZtQ+qgnZMcsnJduCQLyyJ4GiLDvh+lw4ekNhxCHRFf7a7PuSH+v3LmuoBk1 GxHc3yvEXUXk/3Z1eh4ynVTJqc1o+tq0CE3E7YzY= Received: from PALLAS.devolo.intern ([fe80::e9b2:d777:3c47:d8ad]) by Vesta.devolo.intern ([fe80::f029:3a7c:4f2f:5a86%10]) with mapi id 14.03.0248.002; Thu, 12 May 2016 17:28:12 +0200 From: Guenther Kelleter To: "hostap@lists.infradead.org" Subject: RE: dynamic vlan with ath10k not working - regression Thread-Topic: dynamic vlan with ath10k not working - regression Thread-Index: AdGrkPPZPx1WPb2jQXKZH71/NYLexgASEYoAABZC3pAAC8nwQA== Date: Thu, 12 May 2016 15:28:11 +0000 Message-ID: References: <9d0e461dcbfff4dd81e73cec39e24ba7@fami-braun.de> In-Reply-To: Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.1.30.13] MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160512_082842_001528_3F9A552A X-CRM114-Status: GOOD ( 27.42 ) X-Spam-Score: -2.0 (--) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-2.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [89.1.14.71 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Replying to my own message: > -----Original Message----- > From: Hostap [mailto:hostap-bounces@lists.infradead.org] On Behalf Of Guenther > Kelleter > Sent: Thursday, May 12, 2016 12:25 PM > To: hostap@lists.infradead.org > Subject: RE: dynamic vlan with ath10k not working - regression > > Hi > > At first please excuse my ignorance but I'm new to WiFi and hostapd and don't > know yet how all this is working. > > > -----Original Message----- > > From: michael-dev [mailto:michael-dev@fami-braun.de] > > Sent: Thursday, May 12, 2016 3:03 AM > > To: Guenther Kelleter > > Cc: hostap@lists.infradead.org > > Subject: Re: dynamic vlan with ath10k not working - regression > > > > Hi, > > > > Am 11.05.2016 16:25, schrieb Guenther Kelleter: > > > Since commit 7cebc8e2100626dc6981a3f53301058452953b9b, "Fix init of > > > group state machine for static VLANs" dynamic VLAN isn't working with > > > atk10k radio anymore. Parent commit works as expected. > > > > basically this fix added wpa group key initialization during ap_vlan > > interface creation, that is before any station is assigned to the > > driver. > > This is required for static VLANs with WPA where AP_VLAN interfaces are > > created possibly long before any station connects. > > What exactly is not working in the static VLAN case? > I can configure an SSID to be part of a non-dynamic vlan in OpenWrt, i.e. that > all stations are put in the configured vlan-bridge. This doesn't create a > wlan0. interface but uses the plain wlan0. I can't see anything not > working in this case before this fix was added. > Maybe you're talking about a different thing? > > > > > > Symptom is that neither wlanX-Y. nor the corresponding > > > vlan-bridge is created. Association fails. > > > > The driver refuses to accept the key. Therefore that per VLAN wpa_group > > enters state FATAL_FAILURE, thus stations cannot complete group keying. > > > > Solutions > > a) make ath10k accept group keys without any station connected > > I understand even less of the driver than of hostapd :-) It's a pitch black > box... > > > b) let hostapd skip set_key without any stations connected if this is a > > dynamic vlan. This means static VLANs will continue to not work with > > ath10k. > > Hmmm... looking at the code I'm not sure how to do that > Prevent calling wpa_group_setkeysdone? Adding this patch the station can associate again and the tagged wlan interface is created and put into the vlan-bridge. But I don't know what negative consequences it could cause: > > > > > I unsure which would be best? > > > > > I tried the same with ath9k radio: works as expected with both > > > versions. > > > > > > This is the relevant debug log of hostapd: > > > > > > wlan0-2: STA 78:7e:61:61:15:a3 RADIUS: VLAN ID 20 > > > > so we add the new ap_vlan interface due to a station needing it. > > > > > nl80211: New interface wlan0-2.20 created: ifindex=60 > > > > that interface has ifindex=60 assigned > > > > > VLAN: Set interface wlan0-2.20 up > > > > and is configured ifconfig_up > > > > > WPA: Add group state machine for VLAN-ID 20 > > > > now wpa group keying starts before the station was assigned to the > > driver > > > > > wpa_driver_nl80211_set_key: ifindex=60 (wlan0-2.20) alg=3 > > > addr=0x496be4 key_idx=1 set_tx=1 seq_len=0 key_len=16 > > > > a wpa group key shall be configured to the wireless driver > > > > > nl80211: set_key failed; err=-22 Invalid argument) > > > > but the driver does not like it. I don't know why. It should not. > > > > > WPA: group state machine entering state FATAL_FAILURE > > > > so the group state machine blocks and > > > > > WPA initialization for VLAN 20 failed (-1) > > > > interface initialization is declared failing > > > > Regards, > > M. Braun > > > Günther > > _______________________________________________ > Hostap mailing list > Hostap@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/hostap diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 9c136ef..bca8573 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -361,7 +361,7 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth, if (group == NULL) return NULL; - group->GTKAuthenticator = TRUE; + group->GTKAuthenticator = FALSE; group->vlan_id = vlan_id; group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);