Date: Sat, 16 Jan 2010 12:21:22 -0800 From: Sam Leffler <sam@errno.com> To: Russell Yount <russell.yount@gmail.com> Cc: freebsd-stable@freebsd.org Subject: Re: atheros broadcast/multicast corruption with multiple hostap's Message-ID: <4B521FC2.4050402@errno.com> In-Reply-To: <c62ff5ca0912302316o59c01ec5wd9efd008afd59c7f@mail.gmail.com> References: <c62ff5ca0912302316o59c01ec5wd9efd008afd59c7f@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Russell Yount wrote: > It seems AP to client broadcasts/multicasts traffic is > broken when using WPA2/802.11i with multiple hostapds in 8.0. > > Only the SSID associated with the last hostapd to be started has > AP to client broadcasts/multicasts being delivered correctly. > > The AP and client are 8.0 freebsd systems althought I see same > problems with windows XP as a client. > > The AP has 4 hostapds configured to use TLS with client certificates for > authentication. (hostapd recompiled with HOSTAPD_CFLAGS=-DEAP_SERVER) > The AP and client radio are shown as ath0: AR5212 mac 5.9 RF5112 phy 4.3 > in dmesg. > > Client authenticate using client certificates associate correctly > to all 4 SSIDs. Unicast traffic flows correctly between clients and AP > for all for 4 SSIDs. Client to AP broadcast/multicast traffic works > on of 4 SSIDs. AP to client broadcast/multicast traffic only works > on 1 of the SSIDs. I have documented this using ARP broadcasts, > but normal IP broadcasts also observed to corrupted. > > When an ARP request is send through the AP to an associated client > it seems to be trashed on any of the SSID except the one associated > with the last hostapd to be started. Here is the output of client side > tcpdump showing the problems. > > In the first client side tcpdump with the hostapd associated with the SSID > being associaed with the last hostapd started and the traffic flowing > normally. > > In the second client side tcpdump with the hostapd associated with the SSID > being not the last hostapd started the ARP request is resent multiple times > and appears corrupted. > > I would really like to find a fix for this. > Any help would be greatly appreciated. This sounds like the crypto encap of the frame is clobbering the mbuf contents. You can verify this by setting up multiple vaps w/o WPA. If this is the problem look for the mbuf copy logic for mcast frames and make sure a deep copy is done. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B521FC2.4050402>