From: Sam Leffler
Date: Sun, 17 Jan 2010 10:45:02 -0800
To: Russell Yount
Cc: freebsd-stable@freebsd.org
Subject: Re: atheros broadcast/multicast corruption with multiple hostap's
Message-ID: <4B535AAE.3060308@errno.com>
References: <4B521FC2.4050402@errno.com>

Russell Yount wrote:
> On Sat, Jan 16, 2010 at 3:21 PM, Sam Leffler wrote:
> > Russell Yount wrote:
> > > It seems AP to client broadcasts/multicasts traffic is
> > > broken when using WPA2/802.11i with multiple hostapds in 8.0.
> > >
> > > Only the SSID associated with the last hostapd to be started has
> > > AP to client broadcasts/multicasts being delivered correctly.
> > >
> > > The AP and client are 8.0 freebsd systems although I see same
> > > problems with windows XP as a client.
> > >
> > > The AP has 4 hostapds configured to use TLS with client
> > > certificates for authentication. (hostapd recompiled with
> > > HOSTAPD_CFLAGS=-DEAP_SERVER)
> > > The AP and client radio are shown as ath0: AR5212 mac 5.9 RF5112
> > > phy 4.3 in dmesg.
> > >
> > > Client authenticate using client certificates associate correctly
> > > to all 4 SSIDs. Unicast traffic flows correctly between clients
> > > and AP for all 4 SSIDs. Client to AP broadcast/multicast traffic
> > > works on of 4 SSIDs. AP to client broadcast/multicast traffic only
> > > works on 1 of the SSIDs. I have documented this using ARP broadcasts,
> > > but normal IP broadcasts also observed to be corrupted.
> > >
> > > When an ARP request is sent through the AP to an associated client
> > > it seems to be trashed on any of the SSID except the one associated
> > > with the last hostapd to be started. Here is the output of
> > > client side tcpdump showing the problems.
> > >
> > > In the first client side tcpdump with the hostapd associated
> > > with the SSID being associated with the last hostapd started and
> > > the traffic flowing normally.
> > >
> > > In the second client side tcpdump with the hostapd associated
> > > with the SSID being not the last hostapd started the ARP request
> > > is resent multiple times and appears corrupted.
> > >
> > > I would really like to find a fix for this.
> > > Any help would be greatly appreciated.
> >
> > This sounds like the crypto encap of the frame is clobbering the
> > mbuf contents. You can verify this by setting up multiple vaps w/o
> > WPA. If this is the problem look for the mbuf copy logic for mcast
> > frames and make sure a deep copy is done.
> >
> > Sam
>
> The four VAPs broadcast traffic works fine without WPA if I do not start
> hostapds on them
>
> I have been trying to discover why broadcast traffic only works
> correctly on the VAP associated with the last hostapd to be started. I
> have moved which VAP has the working broadcast traffic by restarting the
> hostapd associated with it.
>
> It would seem something in the WPA/802.1x layer initialization remembers
> which hostapd was started last and that affected the crypto encap.
>
> I keep looking but do not see any place in the code that could account
> for this.
>
> It seems the corrupt crypto encap also happens on broadcast between
> stations.
> Please correct me if I am wrong:
> but when using hostapd normally traffic is bridged within the card.
> So if a station sends to the VAP a broadcast it is actually sending a
> non-broadcast frame to the AP
> and the AP sends the frame to all the other stations.

I told you what the likely problem is. Look in the net80211 layer in
the kernel for the problem.

Sam
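
The shallow-versus-deep copy point raised in the thread, as an added userland illustration that is not from the thread or from net80211: one multicast frame is fanned out to four VAPs, and an XOR with a constructed per-VAP key stands in for the in-place crypto encap. All names and values are hypothetical; the model shows why copies that share storage are clobbered while private copies survive, and does not attempt to reproduce the exact symptom reported above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NVAP 4
#define FRAME_LEN 8

/* Toy stand-in for crypto encap: transforms the buffer in place with a
 * per-VAP key. Real CCMP/TKIP encap also rewrites the frame in place. */
static void encap(uint8_t *buf, uint8_t key) {
    for (int i = 0; i < FRAME_LEN; i++) buf[i] ^= key;
}

/* Fan one multicast frame out to NVAP VAPs, encap each VAP's copy, then
 * count how many receivers recover the payload with their own key.
 * deep == 0: every VAP's frame points at the same storage (shallow copy).
 * deep != 0: every VAP gets private storage before encap (deep copy). */
int vaps_delivered_intact(int deep) {
    static const uint8_t payload[FRAME_LEN] = "ARPREQ!";          /* constructed */
    static const uint8_t keys[NVAP] = { 0x11, 0x22, 0x44, 0x88 }; /* constructed */
    uint8_t shared[FRAME_LEN], priv[NVAP][FRAME_LEN];
    uint8_t *out[NVAP];
    int ok = 0;

    memcpy(shared, payload, FRAME_LEN);
    for (int v = 0; v < NVAP; v++) {
        if (deep) {
            memcpy(priv[v], shared, FRAME_LEN);  /* private, writable copy */
            out[v] = priv[v];
        } else {
            out[v] = shared;                     /* same bytes for every VAP */
        }
        encap(out[v], keys[v]);
    }
    for (int v = 0; v < NVAP; v++) {
        uint8_t rx[FRAME_LEN];
        memcpy(rx, out[v], FRAME_LEN);
        encap(rx, keys[v]);                      /* XOR is its own inverse */
        ok += memcmp(rx, payload, FRAME_LEN) == 0;
    }
    return ok;
}

int main(void) {
    printf("shallow copy: %d of %d VAPs intact\n", vaps_delivered_intact(0), NVAP);
    printf("deep copy:    %d of %d VAPs intact\n", vaps_delivered_intact(1), NVAP);
    return 0;
}
```

In the FreeBSD kernel the corresponding distinction is between `m_copym()`, which can share cluster storage between copies, and `m_dup()`, which returns a writable private copy.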