dynamic vlan with ath10k not working - regression

M. Braun michael-dev at fami-braun.de
Sun May 22 05:25:54 PDT 2016

Am 20.05.2016 um 15:16 schrieb Guenther Kelleter:
> However, I might be wrong, but I think that trying to set a HW-crypt
> key for an AP_VLAN vif the driver doesn't know about is wrong in the
> first place. The AP_VLAN's (I)GTK should be passed via the
> corresponding AP vif to ieee80211_key_enable_hw_accel() instead(?)

We need different GTK per AP/AP_VLAN netdev in order to achieve per-VLAN
isolation. So the correct correct GTK when encrypting the
broadcast/multicast frame must be choosen.

As AP_VLAN is within a single BSS, BSSID cannot be used to select here.
As GTK is for broadcast/multicast frames, destination mac address cannot
be used as well.
So there is nothing except the AP_VLAN ifindex here to make the driver
or firmware choose the correct GTK.

Passing all GTK to the AP interface will essentially not allow for
multiple (per VLAN) GTK to be stored/used. Instead, the GTK for one VLAN
would override the one for another VLAN.

> Is the PTK for station on an AP_VLAN set on the corresponding AP vif
> resp. passed to AP's driver vdev? Or is AP_VLAN crypto not
> hw-accelerated?

As PTK is used for unicast traffic, the correct key can be selected
using the destination mac address (station). Thus AP_VLAN does not
matter with PTK.

M. Braun

More information about the Hostap mailing list