[PATCH 00/13] Tagged VLAN and per_sta_vif support

Jouni Malinen j at w1.fi
Sun Dec 6 01:54:31 PST 2015


On Sun, Nov 01, 2015 at 05:10:01PM +0100, Michael Braun wrote:
> This series introduces to hostapd:
>   * tagged VLAN support (RADIUS EGRESS_VLAN)
>   * per station AP_VLAN interface option
>   * RADIUS EGRESS_VLAN attribute support also for untagged VLANs

Thanks. Could you please rebase this on top of the current master
branch? There were some changes in src/ap/ieee802_11_auth.c a week or so
before you sent this set and it conflicts with the first patch.

Please also add the copyright/license header to any new source code file
that gets added.

> Why per station AP_VLAN interface option?
> It brings
>   * per station group key for security
>   * enables reuse of bridge IGMP/MLD snooping when doing multicast to unicast
>     conversion in kernel for all traffic.
>     non-upstream patch for mac80211: [1]

Could you please clarify what happens if that non-upstream patch is not
there? Would it be possible to first submit only the hostapd changes
that do not depend on any non-upstream patch?

>   radius: add tagged vlan parsing
>   radius: add EGRESS_VLANID to radius name attribute dumper

It would make sense to merge these into a single patch. The second one
looks like something was forgotten from the first one.


PS.

It would be nice to get this set on the mailing list so that others who
might be interested in reviewing it would get a chance to do so. I'm
including the full cover letter of the set below for reference:


This series introduces to hostapd:
  * tagged VLAN support (RADIUS EGRESS_VLAN)
  * per station AP_VLAN interface option
  * RADIUS EGRESS_VLAN attribute support also for untagged VLANs

Why per station AP_VLAN interface option?
It brings
  * per station group key for security
  * enables reuse of bridge IGMP/MLD snooping when doing multicast to unicast
    conversion in kernel for all traffic.
    non-upstream patch for mac80211: [1]
  * finer inter station traffic filtering using ebtables
    (traffic forwarded by an AP between stations connected locally)
Actually, this change is really small when on top of tagged vlan support.

How does this approach differ from the previous ones?
  * struct hostapd_vlan gets defined to be per AP_VLAN, as it is already.
  * int vlan_id points to a valid struct hostapd_vlan, as it is already.
  * Uplink configuration becomes a fixed size struct vlan_description that is
    independent from int vlan_id. This means no extra reference counting is
    needed, but there is a compile-limit for the maximum number of tagged vlans
    that can be applied to a single station.
    So multiple struct hostapd_vlan within a single BSS can share an uplink
    configuration (before, this could only happen within different BSS).
  * Uplink configuration is
    1. read from RADIUS or file
    2. copied to struct sta_info (when int vlan_id is set),
    3. copied to struct hostapd_vlan
    4. and then applied.
    So all other places can stick with int vlan_id.
  * When neither tagged vlan nor per station AP_VLAN interface is used,
    int vlan_id will continue to be equal to the untagged vlan id requested.
    Stations with tagged vlans or per station AP_VLAN will have vlan_id > 4096.

This change also enables easy addition of other uplink configuration options as
they only need a config parser (for example in RADIUS), a member in struct
vlan_description and code that applies these settings to the AP_VLAN interface.
Example: add per station tagged_interface settings configured from RADIUS.

Regards,
 M. Braun

[1] http://git.fem.tu-ilmenau.de/?p=fem-wlan.git;a=blob;f=package/kernel/mac80211/patches/984-multicast-as-unicast.patch;h=98690557779ca6127281e878528cbdf2c8d5194d;hb=refs/heads/femwlan_stage2.kernel3.18.11


Michael Braun (13):
  Separate station grouping and uplink configuration
  add per-sta vif option
  radius: add tagged vlan parsing
  vlan: factor out per-vid code in newlink/dellink
  vlan: actually add tagged vlans to vif
  test: verify test_ap_vlan_iface_cleanup_multibss with per_sta_vif
  test: test sta assigned to vif under per_sta_vif
  test: test untagged vlan id with EGRESS_VLANID radius attribute
  radius: add EGRESS_VLANID to radius name attribute dumper
  wpa_supplicant: parse ifname argument from DATA_TEST_CONFIG
  test: verify tagged-only connectivity
  test: verify connectivity with untagged/tagged mixed configuration
  test: verify correct vlan after rsn pre-authentication

 hostapd/config_file.c                        |   8 +-
 hostapd/ctrl_iface.c                         |  10 +-
 hostapd/hostapd.conf                         |   3 +
 src/ap/ap_config.c                           |  19 +-
 src/ap/ap_config.h                           |  10 +-
 src/ap/ieee802_11.c                          |  30 +--
 src/ap/ieee802_11_auth.c                     |  28 ++-
 src/ap/ieee802_11_auth.h                     |   3 +-
 src/ap/ieee802_1x.c                          |  58 +++--
 src/ap/pmksa_cache_auth.c                    |   7 +-
 src/ap/pmksa_cache_auth.h                    |   2 +-
 src/ap/sta_info.c                            | 161 +++++++++++---
 src/ap/sta_info.h                            |   8 +-
 src/ap/vlan.h                                |  12 ++
 src/ap/vlan_init.c                           | 308 +++++++++++++++++----------
 src/ap/vlan_init.h                           |  11 +-
 src/radius/radius.c                          |  55 ++++-
 src/radius/radius.h                          |   4 +-
 tests/hwsim/auth_serv/eap_user.conf          |  12 ++
 tests/hwsim/multi-bss-iface-per_sta_vif.conf |  43 ++++
 tests/hwsim/test_ap_vlan.py                  |  91 +++++++-
 tests/hwsim/test_pmksa_cache.py              |   7 +
 wpa_supplicant/ctrl_iface.c                  |  10 +-
 wpa_supplicant/tests/link_test.c             |   3 +-
 24 files changed, 688 insertions(+), 215 deletions(-)
 create mode 100644 src/ap/vlan.h
 create mode 100644 tests/hwsim/multi-bss-iface-per_sta_vif.conf

-- 
2.1.4


-- 
Jouni Malinen                                            PGP id EFC895FA
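
Added example (not part of the original message and not code from the patch series or from hostapd): folding RADIUS Egress-VLANID values, in the RFC 4675 wire format, into a fixed-size uplink description with a compile-time cap on tagged VLANs, as the cover letter describes. The field layout of struct vlan_description, the value of MAX_NUM_TAGGED_VLAN and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_NUM_TAGGED_VLAN 4 /* assumed compile-time limit, value is illustrative */

/* Hypothetical fixed-size uplink description: no allocation, no refcounting. */
struct vlan_description {
    int untagged;                    /* 0 = no untagged VLAN */
    int tagged[MAX_NUM_TAGGED_VLAN]; /* filled in order, 0 = unused slot */
};

/* Fold one 4-octet Egress-VLANID value (RFC 4675) into *d; -1 on bad input. */
static int add_egress_vlanid(struct vlan_description *d, const uint8_t v[4])
{
    int vid = ((v[2] & 0x0f) << 8) | v[3]; /* low 12 bits; pad bits ignored */
    int i;

    if (vid == 0 || vid == 0xfff)
        return -1;                   /* reserved VLAN IDs */
    if (v[0] == 0x32) {              /* tag indication: untagged */
        if (d->untagged && d->untagged != vid)
            return -1;               /* two different untagged VLANs */
        d->untagged = vid;
        return 0;
    }
    if (v[0] != 0x31)                /* anything but "tagged" is malformed */
        return -1;
    for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
        if (d->tagged[i] == 0 || d->tagged[i] == vid) {
            d->tagged[i] = vid;      /* free slot, or duplicate of this slot */
            return 0;
        }
    }
    return -1;                       /* more tagged VLANs than the limit */
}

/* Parse n attribute values. Fails closed: any error clears *d entirely. */
int parse_egress_vlans(struct vlan_description *d,
                       const uint8_t (*attrs)[4], size_t n)
{
    size_t i;

    memset(d, 0, sizeof(*d));
    for (i = 0; i < n; i++)
        if (add_egress_vlanid(d, attrs[i]) < 0) {
            memset(d, 0, sizeof(*d));
            return -1;
        }
    return 0;
}
```

Clearing the description on any error means a malformed or oversized attribute set never leaves a station with a partially applied VLAN assignment.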


