[PATCH 00/13] Tagged VLAN and per_sta_vif support

M. Braun michael-dev at fami-braun.de
Sun Dec 6 12:50:44 PST 2015 

Am 06.12.2015 um 10:54 schrieb Jouni Malinen:
> On Sun, Nov 01, 2015 at 05:10:01PM +0100, Michael Braun wrote:
>> This series introduces to hostapd:
>>   * tagged VLAN support (RADIUS EGRESS_VLAN)
>>   * per station AP_VLAN interface option
>>   * RADIUS EGRESS_VLAN attribute support also for untagged VLANs
> 
> Thanks. Could you please rebase this on top of the current master
> branch? There were some changes in src/ap/ieee802_11_auth.c a week or so
> before you sent this set and it conflicts with the first patch.
> 
> Please also add the copyright/license header to any new source code file
> that gets added.

ok

>> Why per station AP_VLAN interface option?
>> It brings
>>   * per station group key for security
>>   * enables reuse of bridge IGMP/MLD snooping when doing multicast to unicast
>>     conversion in kernel for all traffic.
>>     non-upstream patch for mac80211: [1]
> 
> Could you please clarify what happens if that non-upstream patch is not
> there? Would it be possible to first submit only the hostapd changes
> that do not depend on any non-upstream patch?

This change is about creating a unique AP_VLAN interface per station
connected. This is independed from tagged VLAN support as such but
benefits from common infrastructure (e.g. ap_sta_get_free_vlan_id). The
series v2 will move per-sta-vif changes on top of tagged vlan support.

Creating an AP_VLAN interface per station works regardless of whether
the uplink changes are present or not. Even without upstream kernel
patch per station group key and ebtables filtering become trivially
available.
Thought, the change also results in each multicast packet being
submitted once per station at broadcast rate. Enabling IGMP/MLD snooping
at bridg level will suppress this for those stations not subscribed to
the target multicast group.

The non-upstream kernel change is aiming at speeding this up by not
using the broadcast rate but instead converting to unicast first,
resulting in faster rates to be used for packet transmission a long with
better reliability.

>>   radius: add tagged vlan parsing
>>   radius: add EGRESS_VLANID to radius name attribute dumper
> 
> It would make sense to merge these into a single patch. The second one
> looks like something was forgotten from the first one..

The second one is for debug out readability only, but anyway they got
squashed in v2.

Thanks,
 M. Braun

More information about the Hostap mailing list