From owner-freebsd-stable@FreeBSD.ORG Sat Jan 16 20:21:24 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 056D21065670 for ; Sat, 16 Jan 2010 20:21:24 +0000 (UTC) (envelope-from sam@errno.com) Received: from ebb.errno.com (ebb.errno.com [69.12.149.25]) by mx1.freebsd.org (Postfix) with ESMTP id B21AB8FC16 for ; Sat, 16 Jan 2010 20:21:23 +0000 (UTC) Received: from ice.local ([10.0.0.115]) (authenticated bits=0) by ebb.errno.com (8.13.6/8.12.6) with ESMTP id o0GKLMNq071783 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 16 Jan 2010 12:21:23 -0800 (PST) (envelope-from sam@errno.com) Message-ID: <4B521FC2.4050402@errno.com> Date: Sat, 16 Jan 2010 12:21:22 -0800 From: Sam Leffler User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Russell Yount References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-DCC-URT-Metrics: ebb.errno.com; whitelist Cc: freebsd-stable@freebsd.org Subject: Re: atheros broadcast/multicast corruption with multiple hostap's X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Jan 2010 20:21:24 -0000 Russell Yount wrote: > It seems AP to client broadcasts/multicasts traffic is > broken when using WPA2/802.11i with multiple hostapds in 8.0. > > Only the SSID associated with the last hostapd to be started has > AP to client broadcasts/multicasts being delivered correctly. > > The AP and client are 8.0 freebsd systems althought I see same > problems with windows XP as a client. > > The AP has 4 hostapds configured to use TLS with client certificates for > authentication. (hostapd recompiled with HOSTAPD_CFLAGS=-DEAP_SERVER) > The AP and client radio are shown as ath0: AR5212 mac 5.9 RF5112 phy 4.3 > in dmesg. > > Client authenticate using client certificates associate correctly > to all 4 SSIDs. Unicast traffic flows correctly between clients and AP > for all for 4 SSIDs. Client to AP broadcast/multicast traffic works > on of 4 SSIDs. AP to client broadcast/multicast traffic only works > on 1 of the SSIDs. I have documented this using ARP broadcasts, > but normal IP broadcasts also observed to corrupted. > > When an ARP request is send through the AP to an associated client > it seems to be trashed on any of the SSID except the one associated > with the last hostapd to be started. Here is the output of client side > tcpdump showing the problems. > > In the first client side tcpdump with the hostapd associated with the SSID > being associaed with the last hostapd started and the traffic flowing > normally. > > In the second client side tcpdump with the hostapd associated with the SSID > being not the last hostapd started the ARP request is resent multiple times > and appears corrupted. > > I would really like to find a fix for this. > Any help would be greatly appreciated. This sounds like the crypto encap of the frame is clobbering the mbuf contents. You can verify this by setting up multiple vaps w/o WPA. If this is the problem look for the mbuf copy logic for mcast frames and make sure a deep copy is done. Sam