dynamic vlan with ath10k not working - regression

Guenther Kelleter Guenther.Kelleter at devolo.de
Thu May 12 08:28:11 PDT 2016 

Replying to my own message:

> -----Original Message-----
> From: Hostap [mailto:hostap-bounces at lists.infradead.org] On Behalf Of Guenther
> Kelleter
> Sent: Thursday, May 12, 2016 12:25 PM
> To: hostap at lists.infradead.org
> Subject: RE: dynamic vlan with ath10k not working - regression
> 
> Hi
> 
> At first please excuse my ignorance but I'm new to WiFi and hostapd and don't
> know yet how all this is working.
> 
> > -----Original Message-----
> > From: michael-dev [mailto:michael-dev at fami-braun.de]
> > Sent: Thursday, May 12, 2016 3:03 AM
> > To: Guenther Kelleter
> > Cc: hostap at lists.infradead.org
> > Subject: Re: dynamic vlan with ath10k not working - regression
> >
> > Hi,
> >
> > Am 11.05.2016 16:25, schrieb Guenther Kelleter:
> > > Since commit 7cebc8e2100626dc6981a3f53301058452953b9b, "Fix init of
> > > group state machine for static VLANs" dynamic VLAN isn't working with
> > > atk10k radio anymore. Parent commit works as expected.
> >
> > basically this fix added wpa group key initialization during ap_vlan
> > interface creation, that is before any station is assigned to the
> > driver.
> > This is required for static VLANs with WPA where AP_VLAN interfaces are
> > created possibly long before any station connects.
> 
> What exactly is not working in the static VLAN case?
> I can configure an SSID to be part of a non-dynamic vlan in OpenWrt, i.e. that
> all stations are put in the configured vlan-bridge. This doesn't create a
> wlan0.<VLAN-ID> interface but uses the plain wlan0. I can't see anything not
> working in this case before this fix was added.
> Maybe you're talking about a different thing?
> 
> >
> > > Symptom is that neither wlanX-Y.<VLAN-ID> nor the corresponding
> > > vlan-bridge is created. Association fails.
> >
> > The driver refuses to accept the key. Therefore that per VLAN wpa_group
> > enters state FATAL_FAILURE, thus stations cannot complete group keying.
> >
> > Solutions
> > a) make ath10k accept group keys without any station connected
> 
> I understand even less of the driver than of hostapd :-) It's a pitch black
> box...
> 
> > b) let hostapd skip set_key without any stations connected if this is a
> > dynamic vlan. This means static VLANs will continue to not work with
> > ath10k.
> 
> Hmmm... looking at the code I'm not sure how to do that
> Prevent calling wpa_group_setkeysdone?

Adding this patch the station can associate again and the tagged wlan interface is created and put into the vlan-bridge. But I don't know what negative consequences it could cause:

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 9c136ef..bca8573 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -361,7 +361,7 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
 	if (group == NULL)
 		return NULL;
 
-	group->GTKAuthenticator = TRUE;
+	group->GTKAuthenticator = FALSE;
 	group->vlan_id = vlan_id;
 	group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
 


> 
> >
> > I unsure which would be best?
> >
> > > I tried the same with ath9k radio: works as expected with both
> > > versions.
> > >
> > > This is the relevant debug log of hostapd:
> > >
> > > wlan0-2: STA 78:7e:61:61:15:a3 RADIUS: VLAN ID 20
> >
> > so we add the new ap_vlan interface due to a station needing it.
> >
> > > nl80211: New interface wlan0-2.20 created: ifindex=60
> >
> > that interface has ifindex=60 assigned
> >
> > > VLAN: Set interface wlan0-2.20 up
> >
> > and is configured ifconfig_up
> >
> > > WPA: Add group state machine for VLAN-ID 20
> >
> > now wpa group keying starts before the station was assigned to the
> > driver
> >
> > > wpa_driver_nl80211_set_key: ifindex=60 (wlan0-2.20) alg=3
> > > addr=0x496be4 key_idx=1 set_tx=1 seq_len=0 key_len=16
> >
> > a wpa group key shall be configured to the wireless driver
> >
> > > nl80211: set_key failed; err=-22 Invalid argument)
> >
> > but the driver does not like it. I don't know why. It should not.
> >
> > > WPA: group state machine entering state FATAL_FAILURE
> >
> > so the group state machine blocks and
> >
> > > WPA initialization for VLAN 20 failed (-1)
> >
> > interface initialization is declared failing
> >
> > Regards,
> > M. Braun
> 
> 
> Günther
> 
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap

More information about the Hostap mailing list