atheros broadcast/multicast corruption with multiple hostap's

[Sam Leffler]

Russell Yount wrote:
> It seems AP to client broadcasts/multicasts traffic is
> broken when using WPA2/802.11i with multiple hostapds in 8.0.
> 
> Only the SSID associated with the last hostapd to be started has
> AP to client broadcasts/multicasts being delivered correctly.
> 
> The AP and client are 8.0 freebsd systems althought I see same
> problems with windows XP as a client.
> 
> The AP has 4 hostapds configured to use TLS with client certificates for
> authentication. (hostapd recompiled with HOSTAPD_CFLAGS=-DEAP_SERVER)
> The AP and client radio are shown as ath0: AR5212 mac 5.9 RF5112 phy 4.3
> in dmesg.
> 
> Client authenticate using client certificates associate correctly
> to all 4 SSIDs. Unicast traffic flows correctly between clients and AP
> for all for 4 SSIDs. Client to AP broadcast/multicast traffic works
> on of 4 SSIDs. AP to client broadcast/multicast traffic only works
> on 1 of the SSIDs. I have documented this using ARP broadcasts,
> but normal IP broadcasts also observed to corrupted.
> 
> When an ARP request is send through the AP to an associated client
> it seems to be trashed on any of the SSID except the one associated
> with the last hostapd to be started. Here is the output of client side
> tcpdump showing the problems.
> 
> In the first client side tcpdump with the hostapd associated with the SSID
> being associaed with the last hostapd started and the traffic flowing
> normally.
> 
> In the second client side tcpdump with the hostapd associated with the SSID
> being not the last hostapd started the ARP request is resent multiple times
> and appears corrupted.
> 
> I would really like to find a fix for this.
> Any help would be greatly appreciated.

This sounds like the crypto encap of the frame is clobbering the mbuf 
contents.  You can verify this by setting up multiple vaps w/o WPA.  If 
this is the problem look for the mbuf copy logic for mcast frames and 
make sure a deep copy is done.

	Sam