[PATCHv3 00/12] Tagged VLAN and per_sta_vif support

michael-dev at fami-braun.de michael-dev at fami-braun.de
Thu Jan 21 05:51:55 PST 2016


From: Michael Braun <michael-dev at fami-braun.de>

This series introduces to hostapd:
  * tagged VLAN support (RADIUS EGRESS_VLAN)
  * per station AP_VLAN interface option
  * RADIUS EGRESS_VLAN attribute support also for untagged VLANs

Why per station AP_VLAN interface option?
It brings
  * per station group key for security
  * enables reuse of bridge IGMP/MLD snooping when doing multicast to unicast
    conversion in kernel for all traffic.
    non-upstream patch for mac80211: [1]
  * finer inter station traffic filtering using ebtables
    (traffic forwarded by an AP between stations connected locally)
Actually, this change is really small when on top of tagged vlan support.

How does this approach differ from the previous ones?
  * struct hostapd_vlan gets defined to be per AP_VLAN, as it is already.
  * int vlan_id points to a valid struct hostapd_vlan, as it is already.
  * Uplink configuration becomes a fixed size struct vlan_description that is
    independent from int vlan_id. This means no extra reference counting is
    needed, but there is a compile-limit for the maximum number of tagged vlans
    that can be applied to a single station.
    So multiple struct hostapd_vlan within a single BSS can share an uplink
    configuration (before they this could only happen within different BSS).
  * Uplink configuration is
    1. read from RADIUS or file
    2. copied to struct sta_info (when int vlan_id is set),
    3. copied to struct hostapd_vlan
    4. and then applied.
    So all other places can stick with int vlan_id.
  * When neither tagged vlan nor per station AP_VLAN interface is used,
    int vlan_id will continue to be equal the untagged vlan id requested.
    Stations with tagged vlans or per station AP_VLAN will have vlan_id > 4096.

This change also enables easy addition of other uplink configuration options as
they only need a config parser (for example in RADIUS), a member in struct
vlan_description and code that applies this settings to the AP_VLAN interface.
Example: add per station tagged_interface settings configured from RADIUS.

Regards,
 M. Braun

[1] http://git.fem.tu-ilmenau.de/?p=fem-wlan.git;a=blob;f=package/kernel/mac80211/patches/984-multicast-as-unicast.patch;h=98690557779ca6127281e878528cbdf2c8d5194d;hb=refs/heads/femwlan_stage2.kernel3.18.11

v2: rebase onto current HEAD and address comments
v3: address comments on v2 regarding memory usage and struct comparison
    I still cannot reproduce the issues with the tests mentioned.
    Could you please send me hwsim test logs for those?

Michael Braun (12):
  Separate station grouping and uplink configuration
  radius: add tagged vlan parsing
  vlan: factor out per-vid code in newlink/dellink
  VLAN: actually add tagged vlans to AP_VLAN
  vlan: add per-sta vif option
  wpa_supplicant: parse ifname argument from DATA_TEST_CONFIG
  test: verify tagged-only connectivity
  test: verify test_ap_vlan_iface_cleanup_multibss with per_sta_vif
  test: sta assigned to vif under per_sta_vif
  test: untagged vlan id with EGRESS_VLANID radius attribute
  test: verify connectivity with untagged/tagged mixed configuration
  test: verify correct vlan after rsn pre-authentication

 hostapd/Makefile                             |   1 +
 hostapd/config_file.c                        |   8 +-
 hostapd/ctrl_iface.c                         |   8 +-
 hostapd/hostapd.conf                         |  11 +
 src/ap/ap_config.c                           |  20 +-
 src/ap/ap_config.h                           |  10 +-
 src/ap/ieee802_11.c                          |  30 +--
 src/ap/ieee802_11_auth.c                     |  35 +--
 src/ap/ieee802_11_auth.h                     |   6 +-
 src/ap/ieee802_1x.c                          |  58 +++--
 src/ap/pmksa_cache_auth.c                    |  25 ++-
 src/ap/pmksa_cache_auth.h                    |   2 +-
 src/ap/sta_info.c                            | 159 +++++++++++---
 src/ap/sta_info.h                            |   8 +-
 src/ap/vlan.c                                |  27 +++
 src/ap/vlan.h                                |  30 +++
 src/ap/vlan_init.c                           | 312 +++++++++++++++++----------
 src/ap/vlan_init.h                           |  11 +-
 src/ap/wpa_auth_ie.c                         |   7 +-
 src/radius/radius.c                          |  57 ++++-
 src/radius/radius.h                          |   4 +-
 tests/hwsim/auth_serv/eap_user.conf          |  12 ++
 tests/hwsim/multi-bss-iface-per_sta_vif.conf |  42 ++++
 tests/hwsim/test_ap_vlan.py                  |  93 +++++++-
 tests/hwsim/test_pmksa_cache.py              |   7 +
 wpa_supplicant/ctrl_iface.c                  |  10 +-
 26 files changed, 772 insertions(+), 221 deletions(-)
 create mode 100644 src/ap/vlan.c
 create mode 100644 src/ap/vlan.h
 create mode 100644 tests/hwsim/multi-bss-iface-per_sta_vif.conf

-- 
2.1.4




More information about the Hostap mailing list