From: Russell Yount
To: Sam Leffler
Cc: freebsd-stable@freebsd.org
Date: Sun, 17 Jan 2010 13:10:47 -0500
Subject: Re: atheros broadcast/multicast corruption with multiple hostap's
In-Reply-To: <4B521FC2.4050402@errno.com>

On Sat, Jan 16, 2010 at 3:21 PM, Sam Leffler wrote:

> Russell Yount wrote:
>
>> It seems AP to client broadcast/multicast traffic is
>> broken when using WPA2/802.11i with multiple hostapds in 8.0.
>>
>> Only the SSID associated with the last hostapd to be started has
>> AP to client broadcasts/multicasts being delivered correctly.
>>
>> The AP and client are 8.0 FreeBSD systems, although I see the same
>> problems with Windows XP as a client.
>>
>> The AP has 4 hostapds configured to use TLS with client certificates for
>> authentication. (hostapd recompiled with HOSTAPD_CFLAGS=-DEAP_SERVER)
>> The AP and client radio are shown as ath0: AR5212 mac 5.9 RF5112 phy 4.3
>> in dmesg.
>>
>> Clients authenticate using client certificates and associate correctly
>> to all 4 SSIDs. Unicast traffic flows correctly between clients and AP
>> for all 4 SSIDs. Client to AP broadcast/multicast traffic works
>> on of 4 SSIDs. AP to client broadcast/multicast traffic only works
>> on 1 of the SSIDs. I have documented this using ARP broadcasts,
>> but normal IP broadcasts were also observed to be corrupted.
>>
>> When an ARP request is sent through the AP to an associated client
>> it seems to be trashed on any of the SSIDs except the one associated
>> with the last hostapd to be started. Here is the output of client side
>> tcpdump showing the problems.
>>
>> In the first client side tcpdump with the hostapd associated with the SSID
>> being associated with the last hostapd started and the traffic flowing
>> normally.
>>
>> In the second client side tcpdump with the hostapd associated with the
>> SSID being not the last hostapd started the ARP request is resent multiple
>> times and appears corrupted.
>>
>> I would really like to find a fix for this.
>> Any help would be greatly appreciated.
>>
>
> This sounds like the crypto encap of the frame is clobbering the mbuf
> contents. You can verify this by setting up multiple vaps w/o WPA. If this
> is the problem look for the mbuf copy logic for mcast frames and make sure a
> deep copy is done.
>
> Sam
>

The four VAPs' broadcast traffic works fine without WPA if I do not start
hostapds on them.

I have been trying to discover why broadcast traffic only works correctly on
the VAP associated with the last hostapd to be started. I have moved which VAP
has the working broadcast traffic by restarting the hostapd associated with it.

It would seem something in the WPA/802.1x layer initialization remembers which
hostapd was started last and that affected the crypto encap. I keep looking but
do not see any place in the code that could account for this.

It seems the corrupt crypto encap also happens on broadcast between stations.
Please correct me if I am wrong: but when using hostapd normally traffic is
bridged within the card. So if a station sends to the VAP a broadcast it is
actually sending a non-broadcast frame to the AP and the AP sends the frame to
all the other stations.

-Russ
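
The failure mode Sam hypothesizes (an in-place crypto encap clobbering a multicast buffer shared between VAPs), as a userspace toy model added here; it is not code from this thread or from FreeBSD's net80211. `struct frame`, the XOR "encap" and the key bytes are constructed stand-ins, and the model shows only why a shallow copy corrupts the frame, not the reported "last hostapd started" symptom.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NVAPS 4
#define FRAME_LEN 16

/* Toy frame buffer: hypothetical stand-in for an mbuf, not FreeBSD's struct mbuf. */
struct frame { uint8_t *data; size_t len; };

/* Shallow copy: the new frame shares the original's storage. */
static struct frame copy_shallow(const struct frame *f) { return *f; }

/* Deep copy: the new frame gets private storage. */
static struct frame copy_deep(const struct frame *f) {
    struct frame c = { malloc(f->len), f->len };
    if (c.data == NULL) abort();
    memcpy(c.data, f->data, f->len);
    return c;
}

/* Toy in-place "crypto encap": XOR with a per-VAP group key byte. */
static void encap_in_place(struct frame *f, uint8_t key) {
    for (size_t i = 0; i < f->len; i++) f->data[i] ^= key;
}

/* Queue one multicast frame on every VAP, encapsulate each copy in place,
 * then let each VAP's client decrypt with its own key.
 * Returns how many clients recover the original plaintext. */
int clients_with_intact_frame(int deep) {
    static const uint8_t keys[NVAPS] = { 0x11, 0x22, 0x44, 0x88 }; /* constructed */
    uint8_t plain[FRAME_LEN], storage[FRAME_LEN], rx[FRAME_LEN];
    struct frame src = { storage, FRAME_LEN }, q[NVAPS];
    int ok = 0;
    memset(plain, 0xA5, sizeof plain);           /* constructed payload */
    memcpy(storage, plain, sizeof plain);
    for (int v = 0; v < NVAPS; v++) {            /* transmit side */
        q[v] = deep ? copy_deep(&src) : copy_shallow(&src);
        encap_in_place(&q[v], keys[v]);
    }
    for (int v = 0; v < NVAPS; v++) {            /* receive side */
        for (size_t i = 0; i < FRAME_LEN; i++) rx[i] = q[v].data[i] ^ keys[v];
        ok += memcmp(rx, plain, FRAME_LEN) == 0;
        if (deep) free(q[v].data);
    }
    return ok;
}

int main(void) {
    printf("shallow: %d of %d intact\n", clients_with_intact_frame(0), NVAPS);
    printf("deep:    %d of %d intact\n", clients_with_intact_frame(1), NVAPS);
}
```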